Home
Xirrus
Wireless Access Point
XR2425H
Xirrus XR2425H User Manual
4
of 1
of 1 rating
662 pages
Give review
Manual
Specs
To Next Page
To Next Page
To Previous Page
To Previous Page
Loading...
W
ireless Access Point
606
11
.
These additional features ar
e not allowed in FIPS mode: FTP
, TFTP
, and
zero-touch activation. Only FIPS
approved ciphers ar
e used for SSH/
HTTPS in FIPS mode.
12.
When FIPS mode is enable
d/disabled, CSPs (critical se
curity parameters)
are zer
oed, configuration is save
d and the system is rebooted.
631
633
Table of Contents
Table of Contents
5
Wireless Access Points
3
List of Figures
19
Introduction
27
The Xirrus Family of Products
27
Nomenclature
28
Why Choose the Xirrus Access Point
29
Wireless Access Point Product Overview
30
Figure 2. Wireless AP (XR Series)
30
XR Wireless AP Product Family
31
XR-320 Wall Mounted 2-Radio Access Points
31
XR-500 Series 2-Radio Access Points
32
Series 2-Radio Access Points
33
XR-1000 Series 2-Radio Access Points
34
XD4-130 4-Radio High Density Access Points
35
XR-2006 Series 2- and 4-Radio High Density Access Points
36
XR-2005 Series 2- and 4-Radio Access Points
37
XR-4006 Series 4- to 8-Radio High Density Access Points
38
XR-4000 Series 4- to 8-Radio High Density Access Points (Not Ending in "6")
39
Enterprise Class Security
40
XR-6000 Series 8- to 16-Radio High Density Access Points
40
Deployment Flexibility
41
Figure 3. Wireless Coverage Patterns
41
Enterprise Class Management
42
Figure 4. XP8 - Power over Ethernet Usage
42
Power over Ethernet (POE)
42
Figure 5. WMI: AP Status
43
Key Features and Benefits
44
Extended Coverage
44
Figure 6. Layout of Iaps (XR-7630)
44
High Capacity and High Performance
44
Figure 7. Coverage Schemes (XR-7230 Shown)
45
Flexible Coverage Schemes
45
Ease of Deployment
46
Fast Roaming
46
Non-Overlapping Channels
46
Powerful Management
46
SDMA Optimization
46
Secure Wireless Access
46
Applications Enablement
47
Advanced Feature Sets
47
Xirrus Advanced RF Performance Manager (RPM)
47
Xirrus Advanced RF Security Manager (RSM)
48
Xirrus Advanced RF Analysis Manager (RAM)
49
Xirrus Application Control
50
About this User's Guide
51
Organization
51
Notes and Cautions
53
Screen Images
53
Product Specifications
53
Installing the Wireless AP
55
Installation Prerequisites
55
Figure 1. Xirrus AP
55
Client Requirements
57
Optional Network Components
57
Planning Your Installation
58
General Deployment Considerations
58
Figure 8. Wall Thickness Considerations
59
Coverage and Capacity Planning
60
Figure 9. Unit Placement
60
Placement
60
Figure 10. Full (Normal) Coverage
61
Figure 11. Adjusting RF Patterns
61
RF Patterns
61
Capacity and Cell Sizes
62
Figure 12. Custom Coverage
62
Figure 13. Connection Rate Vs. Distance
62
Figure 14. Transmit Power
63
Fine Tuning Cell Sizes
63
Figure 15. Auto Cell Size Options
64
Allocating Channels
65
Figure 16. Overlapping Cells
65
Roaming Considerations
65
Figure 17. Allocating Channels Manually
66
Other Factors Affecting Throughput
67
About IEEE 802.11Ac
68
Figure 18. Spatial Multiplexing
70
MIMO (Multiple-In Multiple-Out)
70
Up to Eight Simultaneous Data Streams - Spatial Multiplexing
70
Figure 19. MIMO Signal Processing
71
MU-MIMO (Multi-User Multiple-In Multiple-Out)
71
Figure 20. MU-MIMO with Four Antennas
72
Figure 21. Physical Layer Data Encoding
73
Higher Precision in the Physical Layer
73
80 Mhz and 160 Mhz Channel Widths (Bonding)
74
802.11Ac Data Rates
75
Figure 22. Channel Bonding (Channels 36-64 Shown)
75
Figure 23. Maximum 802.11Ac Data Rates
75
802.11Ac Deployment Considerations
76
Acexpress
76
Failover Planning
78
Figure 24. Port Failover Protection
78
Figure 25. Switch Failover Protection
80
Switch Failover Protection
80
Power over Ethernet
81
Power Planning
81
Authentication
82
Security Planning
82
Wireless Encryption
82
Meeting FIPS Standards
83
Meeting PCI DSS Standards
83
Figure 26. Port Requirements for XMS
84
Port Requirements
84
Network Management Planning
88
Figure 27. WDS Link
89
WDS Planning
89
Figure 28. a Multiple Hop WDS Connection
90
Figure 29. WDS Failover Protection
90
Common Deployment Options
92
Installation Workflow
93
Figure 30. Installation Workflow
93
Installing Your Wireless AP
95
Choosing a Location
95
Figure 31. AP Placement
95
Wiring Considerations
95
Dismounting the AP
98
Mounting and Connecting the AP
98
Powering up the Wireless AP
98
Figure 32. LED Locations
98
AP LED Operating Sequences
99
LED Boot Sequence
99
LED Operation When AP Is Running
100
Zero-Touch Provisioning and Ongoing Management
101
XMS-Cloud Next Generation (XMS-9500-CL-X)
101
XMS-Enterprise
101
If You Are Not Using XMS
102
AP Management Interfaces
103
Figure 33. Network Interface Ports-XR-520 (Left); XR-1000 Series (Right)
103
Figure 34. Network Interface Ports-XR-600 Series
103
Figure 35. Network Interfaces-XR-2000 Series (Left); XR-2005/2006 (Right)
103
User Interfaces
103
Figure 36. Network Interface Ports-XR-4000 Series
104
Figure 37. Network Interface Ports-XR-6000 Series
104
Using the Serial Port
104
Using the Ethernet Ports to Access the AP
105
Logging in
106
Starting the WMI
106
Licensing
106
Performing the Express Setup Procedure
107
Securing Low Level Access to the AP
108
The Web Management Interface
111
Managing Aps Locally or Using XMS
111
An Overview
112
Figure 38. Web Management Interface
112
Structure of the WMI
113
User Interface
115
Figure 39. WMI: Frames
115
Figure 40. WMI Header
116
Figure 41. WMI Command Log
117
Figure 42. WMI: Utility Buttons
117
Logging in
118
Figure 43. Logging in to the Wireless AP
118
Applying Configuration Changes
119
Character Restrictions
119
Viewing Status on the Wireless AP
121
Figure 91. Application Control
121
Access Point Status Windows
122
Access Point Summary
122
Figure 44. AP Summary
122
Content of the Access Point Summary Window
123
Figure 45. Disabled IAP (Partial View)
125
Figure 46. IAP Cells
125
Figure 47. Network Assurance and Operating Status
126
Access Point Information
128
Figure 48. AP Information
128
Access Point Configuration
129
Figure 49. Show Configuration
129
Admin History
130
Figure 50. Admin Login History
130
Network Status Windows
130
Figure 51. Network Settings
131
Network
131
Content of the Network Map Window
132
Network Map
132
Figure 53. Spanning Tree Status
135
Spanning Tree Status
135
ARP Table
136
Figure 54. Routing Table
136
Figure 55. ARP Table
136
Routing Table
136
Connection Tracking/Nat
137
DHCP Leases
137
Figure 56. DHCP Leases
137
Figure 57. Connection Tracking
137
CDP List
138
Figure 58. CDP List
138
Figure 59. LLDP List
139
Figure 60. Network Assurance
139
LLDP List
139
Network Assurance
139
Figure 61. Undefined Vlans
140
Undefined Vlans
140
RF Monitor Windows
141
Figure 62. RF Monitor - Iaps
142
Figure 63. RF Monitor - Iaps
142
IAP Monitoring
142
Spectrum Analyzer
143
Figure 64. RF Spectrum Analyzer
144
Figure 65. Intrusion Detection/Rogue AP List
146
Rogues
146
Channel History
148
Figure 66. RF Monitor - Channel History
148
Figure 67. RF Monitor - Channel History (Rotated)
149
Figure 68. RF Monitor - Channel History (Text)
149
Figure 69. Radio Assurance
150
Radio Assurance
150
Station Status Windows
152
Stations
153
Figure 71. Location Map
155
Location Map
155
Figure 72. Controls for Location Map
156
Figure 73. Station RSSI Values
158
Rssi
158
Figure 74. Station RSSI Values - Colorized Graphical View
159
Figure 75. Station Signal-To-Noise Ratio Values
160
Figure 76. Station SNR Values - Colorized Graphical View
160
Signal-To-Noise Ratio (SNR)
160
Figure 77. Station Noise Floor Values
161
Noise Floor
161
Figure 78. Station Noise Floor Values - Colorized Graphical View
162
Figure 79. Max by IAP
163
Max by IAP
163
Figure 80. Station Assurance
164
Station Assurance
164
Figure 81. IAP Statistics Summary Page
165
IAP Statistics Summary
165
Statistics Windows
165
Per-IAP Statistics
166
Figure 82. Individual IAP Statistics Page
167
Figure 83. Network Statistics
168
Network Statistics
168
Figure 84. VLAN Statistics
169
VLAN Statistics
169
Figure 85. WDS Statistics
170
WDS Statistics
170
Figure 86. IDS Statistics Page
171
IDS Statistics
171
Figure 87. Filtered IDS Statistics
172
Figure 88. Filter Statistics
173
Filter Statistics
173
Station Statistics
173
Figure 89. Station Statistics
175
Figure 90. Individual Station Statistics Page
175
Per-Station Statistics
175
About Application Control
176
Application Control Windows
176
Application Control
178
Figure 92. Application Control (Pie Charts)
180
Figure 93. Application Control (Station Traffic)
181
Figure 94. Stations (Application Control)
182
Stations (Application Control)
182
Figure 95. System Log (Alert Level Highlighted)
183
System Log Window
183
Figure 96. IDS Event Log
184
IDS Event Log Window
184
Configuring the Wireless AP
187
Figure 185. WDS
187
Figure 188. Filters
187
Figure 192. Clusters
187
Express Setup
189
Figure 97. WMI: Express Setup
189
Figure 98. Leds Are Switched on
194
Figure 99. Network Interfaces
195
Network
195
Figure 100. Network Settings
196
Interfaces
196
Network Interface Ports
197
Bonds and Bridging
199
Figure 101. Network Bonds and Bridging
199
Figure 102. Bridging Traffic
200
Figure 103. Port Modes (A, B)
202
Figure 104. Port Modes (C, D)
203
Figure 105. Mirroring Traffic
205
Figure 106. DNS Settings
205
DNS Settings
206
Cisco Discovery Protocol (CDP) Settings
207
Figure 107. CDP Settings
207
Figure 108. LLDP Settings
208
LLDP Settings
208
Figure 109. Services
211
Services
211
Figure 110. Time Settings (Manual Time)
212
Time Settings (NTP)
212
Figure 111. Time Settings (NTP Time Enabled)
213
Figure 115. System Log
214
Figure 112. Netflow
215
Netflow
215
Figure 113. Wi-Fi Tag
216
Wi-Fi Tag
216
Figure 114. Location
217
Location
217
System Log
219
About Using Splunk for Xirrus Aps
222
Snmp
223
DHCP Server
226
Figure 117. DHCP Management
226
Figure 52. Network Map
228
Proxy Services
228
About Proxy Forwarding
229
Figure 118. Proxy Forwarding Example
229
Proxy Forwarding for HTTPS
230
Summary of Proxy Forwarding Behavior on the AP
231
Figure 119. Set up a Proxy Server on each Client (Windows)
232
Figure 120. Specify Proxy Servers (Windows)
233
Figure 121. Set up a Proxy Server on each Client (Apple)
234
Figure 122. Specify Proxy Servers (Apple)
235
About Using a Proxy Client for Management Traffic
236
Figure 123. Proxy Forwarding
236
Figure 124. Proxy Client for Management Traffic
237
Figure 125. Vlans
239
Vlans
239
Understanding Virtual Tunnels
240
VLAN Pools
241
Figure 126. VLAN Management
242
VLAN Management
242
About Xirrus Tunnels
246
Figure 127. Tunnel Summary
246
Tunnels
246
Figure 128. Tunnel Management
247
Tunnel Management
247
Figure 129. Tunnel SSID Assignments
249
SSID Assignments
249
Figure 130. Security
250
Security
250
Figure 132. Admin Management
251
Figure 133. Admin Privileges
251
Figure 135. Management Control
251
Figure 147. Rogue Control List
251
Understanding Security
251
Certificates and Connecting Securely to the WMI
254
Figure 131. Import Xirrus Certificate Authority
255
Using the Ap's Default Certificate
255
Admin Management
256
Using an External Certificate Authority
256
Admin Privileges
258
About Creating Admin Accounts on the RADIUS Server
260
Admin RADIUS
260
Figure 134. Admin RADIUS
261
Management Control
263
Figure 136. Pre-Login Banner
264
Figure 137. Management Transports
265
Figure 138. Management Modes
267
Figure 139. HTTPS (X.509) Certificate
270
Figure 140. External Certificate Authority
271
Access Control List
273
Figure 141. Access Control List
273
Figure 142. Global Settings (Security)
275
Global Settings
275
External Radius
279
Figure 143. External RADIUS Server
279
About Creating User Accounts on the RADIUS Server
280
Figure 144. Internal RADIUS Server
283
Internal Radius
283
Active Directory
285
Figure 145. Active Directory Server
286
Figure 146. Finding the Domain Name from Active Directory
287
Rogue Control List
289
Oauth 2.0 Management
290
Figure 148. Oauth 2.0 Management - Token List
291
Ssids
293
Understanding Ssids
294
Figure 149. Ssids
295
Figure 150. Four Traffic Classes
296
Understanding Qos Priority on the Wireless AP
296
Figure 151. Priority Level-IEEE 802.1P (Layer 2)
297
Figure 152. Priority Level-DSCP (Diffserv - Layer 3)
297
High Density 2.4G Enhancement-Honeypot SSID
300
Figure 153. SSID Management
302
SSID Management
302
SSID List (Top of Page)
303
Figure 154. SSID Management-Encryption, Authentication, Accounting
306
Figure 70. Stations
309
SSID Limits and Scheduling
309
Figure 155. WPR Internal Splash Page Fields (SSID Management)
312
Web Page Redirect (Captive Portal) Configuration
312
Figure 156. Customizing an Internal Login or Splash Page
317
Figure 157. Whitelist Configuration for WPR
318
Whitelist Configuration for Web Page Redirect
318
Figure 158. Purple Wifi Guest Access
319
Web Page Redirect for Purple Wifi Venues
319
Authentication Service Configuration
322
WPA Configuration
322
Active Iaps
323
Figure 159. Setting Active Iaps Per SSID
323
Figure 160. Per-SSID Access Control List
324
Per-SSID Access Control List
324
Honeypots
325
Figure 161. Honeypot Whitelist
326
Figure 162. Personal Wi-Fi
327
Personal Wi-Fi
327
Figure 163. Groups
329
Groups
329
Understanding Groups
329
Using Groups
330
Figure 164. Group Management
331
Group Management
331
Group Limits
334
Figure 165. Iaps
336
Figure 166. Source of Channel Setting
336
Iaps
336
Understanding Fast Roaming
337
IAP Settings
338
Figure 168. Global Settings (Iaps)
344
Global Settings
344
Beacon Configuration
346
Station Management
347
Advanced Traffic Optimization
349
Figure 169. Multicast Processing
349
Figure 170. Additional Optimization Settings
355
Figure 171. Global Settings 11An
360
Global Settings 11An
360
Figure 172. Global Settings .11Bgn
365
Figure 173. Global Settings .11N
365
Global Settings 11Bgn
366
Global Settings .11N
372
Figure 174. Global Settings 11Ac
375
Global Settings 11Ac
375
Global Settings .11U
377
Understanding 802.11U
377
Figure 175. 802.11U Global Settings
378
About Standby Mode
383
Advanced RF Settings
383
Figure 176. Advanced RF Settings
383
RF Monitor
384
RF Resilience
385
RF Power and Sensitivity
386
RF Spectrum Management
387
Station Assurance
390
Figure 177. Station Assurance (Advanced RF Settings)
391
Hotspot 2.0
392
Understanding Hotspot 2.0
392
Figure 178. Hotspot 2.0 Settings
394
Figure 179. NAI Realms
395
NAI Realms
395
Understanding NAI Realm Authentication
395
Figure 180. NAI EAP
396
Nai Eap
396
Figure 181. Intrusion Detection Settings
398
Intrusion Detection
398
Dos Attacks
399
Impersonation Attacks
400
About Blocking Rogue Aps
401
RF Intrusion Detection and Auto Block Mode
402
Dos Attack Detection Settings
403
Figure 182. LED Settings
404
Impersonation Detection Settings
404
LED Settings
404
DSCP Mappings
405
Figure 183. DSCP Mappings
405
Roaming Assist
406
Figure 184. Roaming Assist
407
About Configuring WDS Links
409
Wds
409
Figure 186. Configuring a WDS Link
410
Figure 187. WDS Client Links
411
Long Distance Links
411
WDS Client Links
411
Filters
415
Figure 189. Filter Lists
416
Filter Lists
416
Figure 190. Filter Management
419
Filter Management
419
Figure 191. Filter Category or Application
423
Cluster Management
425
Clusters
425
Figure 193. Cluster Management
426
Figure 194. Viewing Statistics in Cluster Mode
428
Airwatch
430
Figure 195. Airwatch Settings
430
Mobile
430
User Procedure for Wireless Access
432
Using Tools on the Wireless AP
435
System Tools
436
About Licensing and Upgrades
436
Figure 196. System Tools
436
System
438
Figure 197. Remote Boot Services
440
Remote Boot Services
440
Configuration Management
441
Figure 198. Configuration Management
441
Diagnostics
445
Figure 199. Saving the Diagnostic Log
445
Application Control Signature File Management
446
Figure 200. Managing Application Control Signature Files
446
Figure 201. Managing WPR Splash/Login Page Files
447
Web Page Redirect (Captive Portal)
447
Figure 202. System Command (Ping)
448
Network Tools
448
Figure 203. Radius Ping Output
449
Progress Bar and Status Frame
450
Cli
450
Figure 204. CLI Window
450
API Documentation
452
Figure 205. API Documentation
452
Figure 206. API - GET Request Details
453
GET Requests
453
Status/Settings
453
Trying a GET Request
454
Figure 207. API - GET Request Response
455
API Documentation Toolbar
456
Figure 208. API Documentation Toolbar
456
Options
457
Figure 209. WMI Display Options
457
Logout
458
Figure 210. Login Window
458
The Command Line Interface
459
Establishing a Secure Shell (SSH) Connection
459
Figure 211. Logging in
460
Getting Started with the CLI
461
Entering Commands
461
Getting Help
461
Figure 212. Help Window
462
Figure 213. Full Help
462
Figure 214. Partial Help
463
Top Level Commands
464
Root Command Prompt
464
Configure Commands
465
Show Commands
469
Statistics Commands
474
Configuration Commands
476
Acl
476
Admin
477
Auth
478
Cdp
478
Clear
480
Cluster
482
Contact-Info
483
Date-Time
484
Dhcp-Server
485
Dns
486
File
487
Filter
491
Air Cleaner
492
Figure 215. Air Cleaner Filter Rules
493
Group
495
Hostname
495
Interface
496
Load
497
Location
497
Location-Reporting
498
Management
499
MDM
501
More
502
Netflow
503
Quick-Config
505
Authentication-Server
506
Quit
506
Reboot
508
Reset
508
Restore
509
Roaming-Assist
510
Run-Tests
511
Security
513
Snmp
514
Ssid
515
Syslog
516
Tunnel
517
Uptime
518
Vlan
518
Wifi-Tag
519
Sample Configuration Tasks
521
Configuring a Simple Open Global SSID
522
Figure 216. Configuring a Simple Open Global SSID
522
Configuring a Global SSID Using WPA-PEAP
523
Figure 217. Configuring a Global SSID Using WPA-PEAP
523
Configuring an SSID-Specific SSID Using WPA-PEAP
524
Figure 218. Configuring an SSID-Specific SSID Using WPA-PEAP
524
Enabling Global Iaps
525
Figure 219. Enabling Global Iaps
525
Disabling Global Iaps
526
Figure 220. Disabling Global Iaps
526
Enabling a Specific IAP
527
Figure 221. Enabling a Specific IAP
527
Disabling a Specific IAP
528
Figure 222. Disabling a Specific IAP
528
Figure 223. Setting Cell Size Auto-Configuration for All Iaps
529
Setting Cell Size Auto-Configuration for All Iaps
529
Figure 224. Setting the Cell Size for All Iaps
530
Setting the Cell Size for All Iaps
530
Figure 225. Setting the Cell Size for a Specific IAP
531
Setting the Cell Size for a Specific IAP
531
Configuring Vlans on an Open SSID
532
Figure 226. Configuring Vlans on an Open SSID
532
Configuring Radio Assurance Mode (Loopback Tests)
533
Figure 227. Configuring Radio Assurance Mode (Loopback Testing)
534
Appendices
535
Appendix A: Quick Reference Guide
537
Factory Default Settings
537
Host Name
537
Network Interfaces
537
Serial
537
Gigabit 1 and Gigabit 2
538
Ntp
538
Server Settings
538
Syslog
538
Dhcp
539
Snmp
539
Default SSID
540
Global Settings - Encryption
540
Security
540
External RADIUS (Global)
541
Administrator Account and Password
542
Internal RADIUS
542
Management
542
Keyboard Shortcuts
543
Appendix B: FAQ and Special Topics
545
General Hints and Tips
545
Frequently Asked Questions
546
Multiple Ssids
546
Security
548
VLAN Support
551
AP Monitor and Radio Assurance Capabilities
553
Enabling Monitoring on the AP
553
How Monitoring Works
553
Radio Assurance
554
Radio Assurance Options
555
RADIUS Vendor Specific Attribute (VSA) for Xirrus
556
Location Service Data Formats
557
Euclid Location Server
557
Non-Euclid Location Server
557
Upgrading the AP Using the Boot Loader
559
Sample Output for the Upgrade Procedure
561
Appendix C: Notices (XD4 and XR500/600 Series Only)
565
Notices
565
EU Directive 1999/5/EC Compliance Information
569
Compliance Information (Non-EU)
576
Safety Warnings
578
Translated Safety Warnings
579
Software License and Product Warranty Agreement
580
Hardware Warranty Agreement
586
Appendix D: Notices (XR-1000 to XR-6000 Indoor Models)
589
Notices
589
EU Directive 1999/5/EC Compliance Information
593
Compliance Information (Non-EU)
600
Safety Warnings
602
Translated Safety Warnings
603
Software License and Product Warranty Agreement
604
Hardware Warranty Agreement
610
Appendix E: Medical Usage Notices
613
Appendix F: Auditing PCI DSS
619
Payment Card Industry Data Security Standard Overview
619
PCI DSS and Wireless
620
The Xirrus AP PCI Compliance Configuration
621
Figure 116. SNMP
621
The Pci-Audit Command
622
Figure 167. IAP Settings
622
Additional Resources
623
Figure 228. Sample Output of Pci-Audit Command
623
Appendix G: Implementing FIPS Security
625
Securing the AP Physically
625
Operator Required Actions
625
Applying Tamper Evident Seals
626
Figure 229. Tamper Evident Seal Application for Indoor Enclosure
626
To Implement FIPS 140-2, Level 2 Using WMI
627
Figure 230. Tamper Evident Seal Application Close-Up
627
Figure 231. AP Information
628
Figure 232. Security - Management Control Window
629
To Implement FIPS 140-2, Level 2 Using CLI
630
To Check if AP Is in FIPS Mode
630
About FIPS Configuration
631
Other manuals for Xirrus XR2425H
Quick Installation Guide
26 pages
4
Based on 1 rating
Ask a question
Give review
Questions and Answers:
Need help?
Do you have a question about the Xirrus XR2425H and is the answer not in the manual?
Ask a question
Xirrus XR2425H Specifications
General
Brand
Xirrus
Model
XR2425H
Category
Wireless Access Point
Language
English
Related product manuals
Xirrus XR-520
178 pages
Xirrus XR-620
178 pages
Xirrus XR-630
178 pages
Xirrus XR Series
662 pages
Xirrus XD Series
662 pages
To Next PageTo Next PageTo Previous PageTo Previous Page
Loading...
Need help?
General
