Configuring a MeshConnex Policy

About this task

To define a MeshConnex policy:

Procedure

  1. Select ConfigurationWirelessMeshConnex Policy tto display existing MeshConnex policies.
    Click to expand in new window
    MeshConnex Policy Screen
    GUID-114C84E4-D9F5-495E-8BAD-E5521D1AA9A7-low.png
  2. Refer to the following configuration data for existing MeshConnex policies:
    Mesh Point Name

    The administrator assigned name of each listed mesh point.
    Mesh ID The IDs (mesh identifiers) assigned to mesh points.
    Mesh Point Status Tthe status of each configured mesh point, either Enabled or Disabled.
    Description Descriptive text provided by the administrator for each configured mesh point.
    Control VLAN The VLAN (virtual interface ID) for the control VLAN on each of the configured mesh points.
    Allowed VLANs The list of VLANs allowed on each configured mesh point.
    Security Mode The security assigned to each configured mesh pointt – either None for no security or PSK for pre-shared key authentication.
    Mesh QoS Policy The mesh Quality of Service (QoS) policy associated with each configured mesh point.
  3. Click Add to create a new MeshConnex policy, select an existing policy and click Edit to modify its configuration, or select an existing policy and click Delete to remove an obsolete policy.
    Optionally, Copy or Rename MeshConnex policies as needed.

    The Configuration screen displays by default for new or modified MeshConnex policies.

    Click to expand in new window
    MeshConnex Configuration Screen
    GUID-DC7D4A2C-27E6-4F0E-B757-1E84C7CC4B3C-low.png
  4. Refer to the Basic Configuration field to define a MeshConnex configuration:
    Mesh Point Name Specify a name for the new mesh point. The name should be descriptive to easily differentiate it from other mesh points. This field is mandatory.
    Mesh ID Specify a 32-character maximum mesh identifier for this mesh point. This field is optional.
    Mesh Point Status To enable this mesh point, click Enabled. To disable the mesh point, click Disabled. The default value is Enabled.
    Mesh QoS Policy Specify the mesh Quality of Service (QoS) policy to use on this mesh point. This value is mandatory. If no suitable mesh QoS policies exist, click the Create icon to create a new mesh QoS policy.
    Beacon Format Specify the format in which beacons from the mesh point are sent. To use access point style beacons, select access-point from the drop-down menu. To use mesh point style beacons, select mesh point. The default value is mesh point.
    Is Root Select this option to define the mesh point as a root in the mesh topology.
    Control VLAN Specify a VLAN to carry meshpoint control traffic. The valid range for control VLAN is between 1 and 4094. The default value is VLAN 1.
    Allowed VLANs Specify the VLANs that are allowed to pass traffic on the mesh point. Separate VLANs with commas. To specify a range of allowed VLANs, separate the starting VLAN and the ending VLAN with a hyphen.
    Neighbor Inactivity Timeout Specify the amount of time allowed between frames received from a neighbor before their client privileges are revoked. Specify the timeout value in seconds, minutes, hours or days, up to a maximum of 1 day. The default value is 2 minutes.
    Description Enter a 64-character maximum description for the mesh point configuration.
  5. Click OK to update the MeshConnex configuration settings for this policy.
    Click Reset to revert to the last saved configuration.
  6. Select Security.
    Click to expand in new window
    MeshConnex Security Screen
    GUID-003AC012-A34C-4BA5-8EB3-5AF90B491496-low.png
  7. Refer to the Select Authentication field to define an authentication method for the mesh policy.
    Security Mode

    Select a security authentication mode for the mesh point. Select None to have no authentication for the mesh point. Select EAP to use a secured credential exchange, dynamic keying and strong encryption. If selecting EAP, refer to the EAP PEAP Authentication field at the bottom of the screen and define the credentials of an EAP user and trustpoint. Select PSK to set a pre-shared key as the authentication for the mesh-point. If PSK is selected, enter a pre-shared key in the Key Settings field.
  8. Set the following Key Settings for the mesh point.
    Pre-Shared Key When the security mode is set as PSK, enter a 64 character HEX or an 8-63 ASCII character passphrase used for authentication on the mesh point.
  9. Set the following Key Rotation settings for the mesh point.
    Unicast Rotation Interval Define an interval for unicast key transmission (30 -86,400 seconds).
    Broadcast Rotation Interval When enabled, the key indices used for encrypting/decrypting broadcast traffic is alternatively rotated based on the defined interval. Define an interval for broadcast key transmission in seconds (30- 86,400). Key rotation enhances the broadcast traffic security on the WLAN.
  10. If you are using EAP to secure the mesh point, set the following EAP PEAP Authentication settings.
    User ID Create a 32-character maximum user name for a peap-mschapv2 authentication credential exchange.
    Password Define a 32-character maximum password for the EAP PEAP user ID.
    Trust Point Provide the 64 character maximum name of the trustpoint used for installing the CA certificate and validating the server certificate.
    EAP TLS Provide the 64 character maximum name of the trustpoint used for installing the client certificate, client private key and CA certificate.
    Type

    Configure the EAP authentication method used by the supplicant. The default EAP type is PEAP-MS-CHAPv2.
    EAP Identity

    Enter the 32-character maximum identity string used during phase 1 authentication. This string does not need to represent the identity of the user, rather an anonymous identity string.
    AAA Policy

    Select an existing AAA Policy from the drop-down menu to apply to this user‘s mesh point EAP configuration. Authentication, authorization, and accounting (AAA) is a framework for intelligently controlling access to the network, enforcing user authorization policies, and auditing and tracking usage. These combined processes are central for securing wireless client resources and wireless network data flows.
  11. Click OK to save the changes made to the configuration.
    Click Reset to revert to the last saved configuration.
  12. Select Radio Rates.
    Click to expand in new window
    Radio Rate Settings
    GUID-6FFED762-42B7-4BA3-AA1B-15BA0225CF3E-low.png
  13. Set the following Radio Rates for both the 2.4 and 5 GHz radio bands:
    2.4 GHz Mesh Point Click Select to configure radio rates for the 2.4 GHz band. Define both minimum Basic and optimal Supported rates as required for the 802.11b rates, 802.11g rates and 802.11n rates supported by the 2.4 GHz band. These are the rates wireless client traffic is supported within this mesh point.

    If you are supporting 802.11n, select a Supported MCS index. Set an MCS (modulation and coding scheme) in respect to the radio‘s channel width and guard interval. An MCS defines (based on RF channel conditions) an optimal combination of eight data rates, bonded channels, multiple spatial streams, different guard intervals, and modulation types. Mesh points can communicate as long as they support the same basic MCS (as well as non-11n basic rates).

    The selected rates apply to associated client traffic within this mesh point only.
    5.0 GHz Mesh Point Click Select to configure radio rates for the 5.0 GHz band. Define both minimum Basic and optimal Supported rates as required for the 802.11b rates, 802.11g rates and 802.11n rates supported by the 5.0 GHz radio band. These are the rates wireless client traffic is supported within this mesh point.

    If you are supporting 802.11n, select a Supported MCS index. Set an MCS (modulation and coding scheme) in respect to the radio‘s channel width and guard interval. An MCS defines (based on RF channel conditions) an optimal combination of eight data rates, bonded channels, multiple spatial streams, different guard intervals, and modulation types. Mesh points can communicate as long as they support the same basic MCS (as well as non-11n basic rates).

    The selected rates apply to associated client traffic within this mesh point only.
    Click to expand in new window
    Advanced Rate Settings 2.4 GHz Screen
    GUID-C5C7BE74-9BD0-4345-9393-06137FF2ACD2-low.png
    Click to expand in new window
    Advanced Rate Settings 5.0 GHz Screen
    GUID-9A477503-1400-420B-911B-733BBBCA85A7-low.png
  14. Define both minimum Basic and optimal Supported rates as required for the 802.11b rates, 802.11g rates and 802.11n rates supported by the 2.4 GHz band and 802.11a and 802.11n rates supported by the 5.0 GHz radio band.
    These are the rates wireless client traffic is supported within this mesh point.

    If you are supporting 802.11n, select a Supported MCS index. Set an MCS (modulation and coding scheme) in respect to the radio‘s channel width and guard interval. An MCS defines (based on RF channel conditions) an optimal combination of eight data rates, bonded channels, multiple spatial streams, different guard intervals, and modulation types. Clients can associate as long as they support basic MCS (as well as non-11n basic rates).

  15. Click OK to save the changes made to the configuration.
    Click Reset to revert to the last saved configuration.
9036512-00 Rev AA