Perform the following steps to configure a hive profile.
- Select the add icon.
- Enter a name for the hive profile.
- Select a number for the hive control traffic port.
  Hive communications operate at Layers 2 and 3. The default port number for
  Layer 3 hive communications and for roaming-related traffic is UDP 3000. If a
  different service on your network is already using port 3000, you can change
  this to any number from 1024 to 65535, as long as the new setting differs
  from the current setting by at least 5. For example, if the current port
  number is 3000, you can set a new port number higher than 3005.
- Enter an optional description.
- Select to enable or disable CAPWAP delay alarms.
- Enable Encryption Protection, or disable it to have ExtremeCloud IQ derive a
  default password from the hive name.
- Select either Auto Generate a password, or enter a password manually.
  Hive members use this password when authenticating themselves to each other
  over the wireless backhaul link using WPA-PSK CCMP (AES). To see the text that
  you entered, clear the Obscure Secret check box.
- Modify DoS prevention rules by selecting either Hive or Client, and modifying
  the settings in the dialog box.
  Extreme Networks devices ship with the default hive- and SSID-level DoS
  detection settings for a number of frame types that are commonly used when
  launching DoS attacks. You can raise the thresholds to avoid receiving too
  many false alarms or lower them to receive more alarms indicative of spikes in
  certain types of traffic.
  DoS prevention rules for hives apply to wireless traffic from all radios that
  might reach the backhaul or access channel from wireless clients or nearby
  access points broadcasting on the same channel. You can define settings to
  detect DoS attacks on the radio channels that a device uses for hive
  communications and for SSID access traffic.
  DoS prevention rules for clients apply to traffic originating from a single
  neighboring radio. The source might be a neighbor member or a nearby device
  outside the network that is broadcasting on the same channel the Extreme
  Networks device is using for its wireless backhaul communications, or for SSID
  access traffic.
  For both types of rules, you can change the alarm thresholds and enable or
  disable settings for each DoS Detection type: Probe Requests and Responses,
  (Re) Associations, Association and Disassociation Requests and Responses,
  Authentication and Deauthentication, and EAP over LAN (EAPoL). Wireless
  clients periodically send probe requests to see if any access points are
  within range. The threshold determines the number of messages per minute
  required to trigger an alarm about a possible DoS attack. The alarm interval
  determines the length of time between repeated alarms when the number of
  messages continues to exceed the threshold.
- Select a Request to Send Threshold for wireless mesh.
  This is the maximum frame size in bytes that requires the device to first
  send a request to send (RTS) message before sending a large frame. The default
  setting is 2346 bytes.
- Select a Fragment Threshold for wireless mesh.
  This is the maximum IEEE 802.11 frame size in bytes that the device uses when
  sending control traffic over the wireless backhaul link to other members. If
  the device needs to send a frame that is larger, it first breaks it into
  smaller fragments. The default setting is 2346 bytes.
- Select the check box to require a minimum wireless signal strength for
  creating wireless mesh, and configure the following settings:
  - Signal strength threshold: Choose a signal strength between -90 dBm and
    -55 dBm. This is the minimum signal strength required to enable members to
    form a wireless backhaul link. The default is -80 dBm.
  - Polling interval: Set the time interval from 1 to 60 minutes to poll the
    signal strength of neighboring members. A lower interval increases traffic
    on the network slightly, especially in environments where there are many
    members; however, this also increases the responsiveness of members to
    changes in signal strength. A higher interval reduces responsiveness to
    signal strength changes, which can be preferable in an environment where
    severe and frequent signal strength fluctuations would cause members to
    continually drop and re-establish connections. The default is every 60
    seconds.
- Configure client roaming settings by first setting the interval between
  keepalive heartbeats between members.
- Select the number of missed heartbeats before a neighbor is removed.
  The default is 10 seconds, and the range is 5 to 360,000 seconds (100 hours).
  To calculate the length of time required, multiply the keepalive interval by
  the ageout value. Using the default settings, 10 seconds (interval) x 5
  (missed keepalives), a neighbor ages out after 50 seconds.
- Select how often devices should send client information (default is 60
  seconds).
- Select the interval after which cached client information is removed (default
  is 60 seconds).
- Select the check box to update all hive members within radio range, including
  Layer 3 neighbors.
- Select the check box to update hive members in the same subnet and VLAN.
- Select an IP address type.
- Apply MAC filters to restrict devices that can join the hive.
  You can select existing filters from the table, or add new filters.
- Choose the default action for any device whose MAC address or OUI does not
  match the selected MAC filter.
- Select Save.
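
The following added example (not Extreme Networks code) models how the threshold and alarm interval from the DoS prevention step interact, and how a hive rule (all radios on the channel) differs from a client rule (one source radio). Assumptions: a trailing 60-second counting window, an alarm when the count exceeds the threshold, and constructed frame-type labels, MAC addresses, and threshold values.

```python
from collections import defaultdict, deque

WINDOW_S = 60  # the page expresses thresholds in messages per minute

class RateRule:
    """One detection rule: threshold (frames/min) and alarm interval (seconds)."""
    def __init__(self, threshold, alarm_interval):
        self.threshold, self.alarm_interval = threshold, alarm_interval
        self.seen = deque()      # timestamps inside the trailing 60 s window
        self.last_alarm = None

    def observe(self, ts):
        """Count one frame at time ts; return True if an alarm is raised."""
        self.seen.append(ts)
        while self.seen[0] <= ts - WINDOW_S:
            self.seen.popleft()
        if len(self.seen) <= self.threshold:   # assumption: alarm when exceeded
            return False
        if self.last_alarm is not None and ts - self.last_alarm < self.alarm_interval:
            return False         # still over threshold, repeat alarm held back
        self.last_alarm = ts
        return True

def detect(frames, hive_cfg, client_cfg):
    """frames: (ts, src_mac, frame_type) sorted by ts; cfg: {type: (thr, interval)}."""
    hive = {ftype: RateRule(*cfg) for ftype, cfg in hive_cfg.items()}
    client = defaultdict(dict)   # src_mac -> {frame_type: RateRule}
    alarms = []
    for ts, src, ftype in frames:
        if ftype in hive and hive[ftype].observe(ts):      # all radios on the channel
            alarms.append((ts, "hive", ftype))
        if ftype in client_cfg:                            # one source radio
            if ftype not in client[src]:
                client[src][ftype] = RateRule(*client_cfg[ftype])
            if client[src][ftype].observe(ts):
                alarms.append((ts, "client", src))
    return alarms

def sample_frames():
    """Constructed traffic: three stations probing once a second for 40 s, then one
    station sending two deauthentication frames a second for 20 s."""
    stations = ["02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"]
    frames = [(t, mac, "probe-req") for t in range(40) for mac in stations]
    frames += [(t, "02:00:00:00:00:0d", "deauth") for t in range(100, 120) for _ in range(2)]
    return frames

HIVE_CFG = {"probe-req": (60, 10), "deauth": (100, 10)}    # constructed thresholds
CLIENT_CFG = {"probe-req": (50, 10), "deauth": (10, 10)}

if __name__ == "__main__":
    for alarm in detect(sample_frames(), HIVE_CFG, CLIENT_CFG):
        print(alarm)
```

In the sample, the three probing stations each stay under the client threshold but together trip the hive rule, while the single deauthentication source trips only the client rule; each alarm repeats once per alarm interval while the rate stays above the threshold.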