Step 9. Configure the VNS

A VNS (Virtual Networks Services) is created by binding a particular WLAN Service to one or more policies that are applied to wireless stations by default. This mapping can be overridden by authentication or an external interface. Configuration consists of defining the topologies that represent the method by which user traffic is connected to the network.

Policies define the level of access that users are granted, whether the bandwidth available to users is restricted, and which topology represents the user's point and method of network interface. Policies are implicitly assigned by a VNS by way of authentication and default states, or may be explicitly assigned by way of responses to a user's authentication (a RADIUS (Remote Authentication Dial In User Service) ACCESS-ACCEPT message).

The VNS Creation Wizard on the controller steps you through the service creation and its necessary subcomponents, resulting in a fully resolved set of elements and an active service.

  1. Research the service types the system is expected to provide, such as wireless services, encryption types, infrastructure mapping (VLANs (Virtual LANs)), and connectivity points such as switch ports (switch port VLAN configuration and trunks must match the controller's configuration). Then configure the traffic topologies your network must support in order to provide wireless user connectivity to infrastructure resources.
  2. You can run the Basic Configuration Wizard to set up controller services such as NTP, Routing, DNS, and RADIUS servers, or you can define necessary infrastructure components such as the RADIUS servers, if CP or AAA services are to be used for user authentication. RADIUS servers are defined via the “VNS Configuration/Global/Authentication” tab.
  3. Define the Topologies: Topologies represent the controller point of network attachment, therefore VLANs and port assignments must be coordinated with the corresponding switch ports.
  4. Define Policies: Policies are typically bound to topologies. Policy application assigns user traffic to the corresponding network point. Policies define user access rights and reference a user's rate control profile. New definitions can be created in place.
  5. Define the CoS (Class of Service): CoS refers to a set of attributes that define the importance of a frame while it is forwarded through the network relative to other packets, and to the maximum throughput per time unit that a station or port assigned to the policy is permitted. The CoS defines actions to be taken when rate limits are exceeded.
  6. Define the WLAN service:
    1. Select the set of APs/Radios on which the service is present.
    2. Configure the method of wireless user credential authentication for this service (None, Internal, CP, External CP, Guest Portal, or 802.1x[EAP]).
  7. Create a VNS that binds the WLAN service to the policies that are used for default assignment upon user network attachment.
    For each Bridge Traffic Locally at EWC topology that is created, a tagged or untagged VLAN needs to be specified. In addition, the network port on which the VLAN is assigned must be configured on the switch, and the corresponding ExtremeWireless Appliance interface must match the correct VLAN.
  8. Set up one or more virtual subnetworks on the ExtremeWireless Appliance. For each VNS, configure the following:
    • Topology – Select the Topology type and perform the following steps:
      • Bridged @ Controller:
        • Specify the VLAN for the interface.
        • Select physical port on which VLAN is trunked.
        • If L3 presence is desired, specify the IP address and subnet mask.
        • Determine whether the controller is the DHCP (Dynamic Host Configuration Protocol) server for the segment; if so, configure DHCP range parameters.
        • Determine if the controller provides the DHCP relay for the segment; if so, configure the IP address of DHCP server.
      • Routed:
        • Specify the IP address and subnet mask.
        • Specify the DHCP settings for segment; if this controller is the DHCP server for segment, configure DHCP range parameters. If the controller is providing the DHCP relay for segment, configure the IP address of the DHCP Server.
      • Bridged:
        • Configure as untagged, or specify a tag in the range 1-4094.
        • Specify the VLAN ID for tagging at the AP.
    • Policy – Select the topology that represents the network point of attachment associated with the policy and configure filtering:
      • Define user network access policy.
      • Determine if filtering is to be performed solely at the controller or whether it will also be performed at the AP (for Routed and Bridged @ controller (EWC) Topologies only).
      • Determine whether bandwidth restrictions are imposed for users of this policy (default unlimited). Configure rate control if bandwidth restrictions are imposed.
    • Class of Service – Class of Service (CoS) can be assigned to a packet by a filter rule that the packet matches or by the policy itself, and is used to control how a packet is handled when the network is busy. Class of Service specifies the following for affected traffic:
      • Maximum throughput rates (rate limits)
      • Transmit queue assignments, which determine how quickly the packet is forwarded, relative to other competing traffic.
      • Priority remarking behavior, which affects the priority downstream switches and routers give to the packet.
    • The CoS defines actions to be taken when rate limits are exceeded. All incoming packets may follow these steps to determine a CoS:
      • Each incoming packet is matched against a set of administrator-defined rules to find the first matching rule that assigns a CoS. If no matching rule that assigns a CoS is found, a default CoS is assigned, based on the applied policy.
      • Apply new marking to the packet in accordance with the markings defined in the applied CoS.
      • Determine whether the packet will cause the station to exceed the rate limit assigned by the CoS. If so, the packet is dropped.
      • If the packet is not dropped, select the transmit queue that is used to forward the packet, based on the CoS.
    • WLAN Service
      • Select the type of service to provide. Select Standard service to provide network access for wireless devices. Define the SSID that is advertised by APs representing this service (the SSID that clients see on RF scans).
      • Select the AP radios (radios correspond to Band [2.4 GHz, 5 GHz]) that advertise this service.
      • Select the method of authentication that users must successfully pass in order to gain network access:
        • MBA (MAC address based authentication): Device MAC address must be explicitly allowed to register by RADIUS server.
        • Captive Portal:
          • Internal: Configure presentation parameters for Captive Portal authentication page.
          • External: Configure connectivity parameters for interaction with external authentication server.
        • Guest Portal: Define the set of user credentials that will be granted access to the service.
        • RADIUS Accounting: Define the RADIUS accounting server to which interim usage accounting reports shall be sent.
      • Privacy: Select and configure the wireless security method for the service (None, WEP, WPA-PSK, DynWep, WPA/EAP).
      • QoS (Quality of Service): Configure QoS behavior definitions related to remapping of packet priority.
    • VNS
      • Select the WLAN service that the VNS represents.
      • Configure the Default Non-Auth Policy by selecting the policy to which users are initially assigned upon association to the service.
      • Configure the Default Auth Policy by selecting the policy to which users are re-assigned upon successful completion of authentication steps (default behavior simply maps to Default Policy, so no specific transition occurs on straight authentication). The policy referenced by this setting is applied unless the RADIUS server provides a specific indication of a more specific policy via Login-LAT-Group and/or Filter-Id attributes.
    Provisioning the VNS mapping between the WLAN service and the default policies enables the service to be advertised (unless the WLAN service is explicitly provisioned in a disabled state).
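
The four CoS steps listed under Class of Service above (first matching rule that assigns a CoS, remarking, rate-limit drop, transmit queue selection) can be modeled as follows. This is an added example, not controller code: the class and function names, the sample rules and the one-second accounting window used for the rate limit are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class CoS:
    name: str
    priority: int         # marking applied to the packet (step 2)
    rate_limit_bps: int   # 0 = unlimited
    tx_queue: int         # queue used when the packet is forwarded (step 4)

@dataclass
class Station:
    window_start: float = 0.0
    bits_sent: int = 0

def classify(packet, rules, default_cos):
    # Step 1: first matching rule that assigns a CoS wins. A rule whose CoS
    # is None matches for filtering only and does not end the search.
    for match, cos in rules:
        if cos is not None and all(packet.get(k) == v for k, v in match.items()):
            return cos
    return default_cos    # default CoS of the applied policy

def over_limit(station, cos, size_bytes, now):
    # Step 3, using an assumed one-second accounting window per station.
    if cos.rate_limit_bps == 0:
        return False
    if now - station.window_start >= 1.0:
        station.window_start, station.bits_sent = now, 0
    if station.bits_sent + size_bytes * 8 > cos.rate_limit_bps:
        return True
    station.bits_sent += size_bytes * 8
    return False

def handle(packet, station, rules, default_cos, now):
    cos = classify(packet, rules, default_cos)
    marked = dict(packet, priority=cos.priority)           # step 2
    if over_limit(station, cos, packet["size"], now):
        return {"action": "drop", "cos": cos.name}
    return {"action": "forward", "cos": cos.name,          # step 4
            "priority": marked["priority"], "queue": cos.tx_queue}

# Constructed sample configuration (names and numbers are illustrative).
VOICE = CoS("voice", priority=6, rate_limit_bps=0, tx_queue=3)
GUEST = CoS("guest-default", priority=0, rate_limit_bps=8000, tx_queue=0)
RULES = [({"proto": "udp", "dport": 53}, None),
         ({"proto": "udp", "dport": 5060}, VOICE)]
```
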
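
The default policy assignment described under VNS above (Default Non-Auth Policy on association, Default Auth Policy after authentication, overridden by Filter-Id or Login-LAT-Group in the RADIUS ACCESS-ACCEPT) can be sketched like this. It is an added example, not the controller's implementation, and it assumes that the attribute values carry policy names, that Filter-Id is checked before Login-LAT-Group, that a name not defined on the controller falls back to the Default Auth Policy, and that the RADIUS client has already verified the response authenticator.

```python
import struct

ACCESS_ACCEPT = 2                      # RADIUS code (RFC 2865)
FILTER_ID, LOGIN_LAT_GROUP = 11, 36    # RADIUS attribute types (RFC 2865)

def parse_attributes(packet: bytes) -> dict:
    """Return {attribute type: [raw values]} from an Access-Accept."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Accept")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.setdefault(a_type, []).append(packet[pos + 2:pos + a_len])
        pos += a_len
    return attrs

def resolve_policy(vns: dict, authenticated: bool, access_accept: bytes = None) -> str:
    if not authenticated:
        return vns["default_non_auth"]        # assigned upon association
    if access_accept is not None:
        attrs = parse_attributes(access_accept)
        for a_type in (FILTER_ID, LOGIN_LAT_GROUP):   # assumed precedence
            for raw in attrs.get(a_type, []):
                name = raw.decode("utf-8", errors="replace")
                if name in vns["policies"]:   # ignore names not defined here
                    return name
    return vns["default_auth"]

def build_accept(*attrs) -> bytes:
    """Constructed sample input: Access-Accept with a zeroed authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(body)) + bytes(16) + body

# Constructed VNS definition (policy names are illustrative).
VNS = {"policies": {"guest", "staff", "quarantine"},
       "default_non_auth": "guest", "default_auth": "staff"}
```
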