Interoperability Report Aerohive 6.1r2 R1

Microsoft Word - Interoperability Report_Aerohive_6.1r2_R1.docINTEROPERABILITY REPORT
Ascom i62
HiveOS version 6.1r2
Ascom, Gothenburg
Jan 2014
TABLE OF CONTENT: INTRODUCTION ........................................................................................................................... 3
About Ascom ............................................................................................................................ 3 About Aerohive Networks ......................................................................................................... 3
SITE INFORMATION .................................................................................................................... 4 SUMMARY .................................................................................................................................... 5
General conclusion ................................................................................................................... 6 Known issues ............................................................................................................................ 6
TEST CONFIGURATION .............................................................................................................. 7 Ascom WLAN Infrastructure Verification – VoWiFi ................................................................... 7
APPENDIX A: TEST CONFIGURATIONS .................................................................................... 8 Aerohive HiveManager and AP120, 121, 141, 330 and 350 Access Points. ............................ 8
ESS, Security settings. .......................................................................................................... 8 Quality of Service (QoS) ..................................................................................................... 14 Radio Configuration ............................................................................................................ 16
Ascom i62 ............................................................................................................................... 19 Innovaphone IP6000 (IP PBX) ................................................................................................ 22
APPENDIX B: DETAILED TEST RECORDS .............................................................................. 23
Interoperability Report - Ascom i62 / Aerohive Networks 3 2014-01-10
INTRODUCTION This document describes necessary steps and guidelines to optimally configure the Aerohive Networks solutions WLAN platform with Ascom i62 VoWiFi handsets.
The guide should be used in conjunction with both Aerohives and Ascoms configuration guide(s).
About Ascom
Ascom Wireless Solutions (www.ascom.com/ws) is a leading provider of on-site wireless communications for key segments such as hospitals, manufacturing industries, retail and hotels. More than 75,000 systems are installed at major companies all over the world. The company offers a broad range of voice and professional messaging solutions, creating value for customers by supporting and optimizing their Mission-Critical processes. The solutions are based on VoWiFi, IP-DECT, DECT, Nurse Call and paging technologies, smartly integrated into existing enterprise systems. The company has subsidiaries in 10 countries and 1,200 employees worldwide. Founded in the 1950s and based in Göteborg, Sweden, Ascom Wireless Solutions is part of the Ascom Group, listed on the Swiss Stock Exchange.
About Aerohive Networks People want to work anywhere; on any device, and IT needs to enable them -- without drowning in complexity or compromising on security, performance, reliability or cost. Aerohive's mission is to Simpli-Fi these enterprise access networks with a cloud-enabled, self-organizing, service-aware, identity-based infrastructure that includes innovative Wi-Fi, VPN, branch routing and switching solutions. Aerohive was founded in 2006 and is headquartered in Sunnyvale, Calif. The company's investors include Kleiner Perkins Caufield & Byers, Lightspeed Venture Partners, Northern Light Venture Capital, New Enterprise Associates, Inc. (NEA) and Institutional Venture Partners (IVP). For more information, please visitwww.aerohive.com, call us at 408-510-6100, follow us on Twitter @Aerohive, subscribe to our blog, join ourcommunity or become a fan on our Facebook page.
SITE INFORMATION
Test Site(s): Ascom US 598 Airport Blvd Suite 300 Morrisville 27560 NC Participants: Karl-Magnus Olsson, Ascom HQ, Morrisville, NC TEST TOPOLOGY
SUMMARY
Please refer to Appendix B for detailed results for respective access point. WLAN Controller Features
High Level Functionality Result
Association, Multiple ESSIDs OK
Preauthentication Not tested
PMKSA Caching OK
802.11 Power-save mode OK
Roaming
Roaming, WPA-PSK, TKIP Encryption OK
Roaming, WPA2-PSK, AES Encryption OK
Roaming, PEAP-MSCHAPv2 Auth, AES Encryption OK
General conclusion The result of the verified test areas, such as authentication, association, handover and call stability test, produced in very good results. The roaming times, both PSK and 802.1x were excellent by ranging in the interval 25 to 50m. Performance has also been proven to be very good. In both active and U-APSD mode it was possible to keep up 12 simultaneously calls per AP one single access point. Keep in mind that the limitation was available handsets and not system capacity.
Known issues
TEST CONFIGURATION
Aerohive HiveOS software 6.1r2 AP120/121/141/330/350 Ascom i62, v 5.1.22 (WLAN driver version 3.5.c)
Signaling Protocol: SIP, Innovaphone IP6000 used as SIP server. Version 9 hotfix 13
Configuration of WLAN System:
Beacon Interval: 100ms DTIM Period: 5 802.11bg(n) 802.11a(n) WMM/ U-APSD Enabled (See appendix A for QoS profiles) 802.11d Regulatory Domain: World mode
Ascom i62 Configuration:
World Mode Regulatory Domain set to World mode. IP DSCP for Voice: 0x30 (48) – Class selector 6 IP DSCP for Signaling: 0x1A (26) – Assured Forwarding 31
Keep in mind that security options and power save modes were adjusted according to requirements in individual test cases. Please refer to appendix A for information regarding device configuration.
APPENDIX A: TEST CONFIGURATIONS
Aerohive HiveManager and AP120, 121, 141, 330 and 350 Access Points.
In the following chapter you will find screenshots and explanations of basic settings in order to get the Aerohive Networks solution operational with Ascom i62. Please note that security settings were modified according to requirements in individual test cases. The configuration file is found at the bottom of this chapter. ESS, Security settings.
List of all configured SSIDs
WPA2 PSK (Personal)
- Select WPA/WPA2 PSK (Personal) - Select WPA2-PSK and CCMP and Key Management and Encryption Method - Key can be entered in HEX or in ASCII format. Example shows a key entered in ASCII format.
WPA2 802.1X (Enterprise)
- Select WPA/WPA2 802.1X (Enterprise) - Select WPA2-802.1X and CCMP and Key Management and Encryption Method - Make sure Enable Proactive PMK ID response is checked.
WPA2 802.1X (Enterprise) – RADIUS configuration
- Configure the IP Address to the Radius server - Type in the “secret” that corresponds to the secret configured in the Radius server.
Data rate configuration. (Same for all encryption methods)
- To improve the performance in the wireless system it is recommended to disable the lowest data rates.
Advanced SSID settings (Same for all encryption methods)
- Set the DTIM settings to 5. DTIM value 5 is recommended in order to allow maximum battery conservation without impacting the quality. A lower value is possible but will negatively impact the standby time.
- Make sure Enable WMM is checked. - Make sure Enable Unscheduled Automatic Power Save Delivery is checked. U-APSD is not
mandatory but is highly recommended as it will significantly increase the talk time.
User Profile.
- Use the default Rate Control & Queuing Policy. See section QoS for details.
Quality of Service (QoS)
Classifier Maps
- Create classifier map according to the screenshot and enable DiffServ and 802.11e
Marker Maps
- Create a Marker Map. Note that these are the system default values.
Rate Control & Queuing
- Make sure that the system default values look as per above.
Radio Configuration
Radio Profiles. (5Ghz)
- Example shows the default profile radio_na0 - Channel with is set to 20Mhz but 40Mhz has also been verified. - Make sure the beacon period is set to 100TU
Radio Profiles. (2.4Ghz)
- Example shows the default profile radio_ng0 - Channel with is set to 20Mhz. 40Mhz channel width is not recommended on the 2.4Ghz band. - Make sure the beacon period is set to 100TU
Configuration of access points
- Radio profiles used is the default (radio_na0 and radio_ng0). See earlier steps for configuration of the radio profiles.
- In the example channel has been set manually for each access point (for testing). Note. 1. Enabling more than 8 channels will degrade roaming performance. Ascom strongly recommends against going above this limit. 2. Using 40 MHz channels (or “channel-bonding”) will reduce the number of non-DFS* channels to two in ETSI regions (Europe). In FCC regions (North America), 40MHz is a more viable option because of the availability of additional non-DFS channels. The handset can co-exist with 40MHz stations in the same ESS. 3. Make sure that all non-DFS channel are taken before resorting to DFS channels. The handset can cope in mixed non-DFS and DFS environments; however, due to “unpredictability” introduced by radar detection protocols, voice quality may become distorted and roaming delayed. Hence Ascom recommends avoiding the use of DFS channels in VoWIFI deployments. *) Dynamic Frequency Selection (radar detection)
Aerohive configuration files: See attached file (Ap120 running config.txt , Ap121 running config.txt , Ap330 running config.txt) for configuration.
Ascom i62
Ascom i62 Network configurations (WPA2-PSK)
- Set IP DSCP for voice to 0x30 (48) – CS6 to match default mappings in the Aerohive system.
i62 network settings for 802.1X authentication (PEAP-MSCHAPv2)
- Set IP DSCP for voice to 0x30 (48) – CS6 to match default mappings in the Aerohive system.
If 802.1X Authentication is used a root certificate has to be uploaded to the phone by “right clicking” - > Edit certificates. Note that both a root and a client certificate are needed for TLS. Otherwise only a root certificate is needed. Server certificate validation can be overridden in version 4.1.12 and above per handset setting (Validate server certificate).
Innovaphone IP6000 (IP PBX) The Innovaphone IP6000 was configured with a static IP address of 172.20.106.113. Signaling is less relevant here since testing homes in on interoperability in relation to the WLAN infrastructure and not features of the IP PBX. IP6000 configuration: See attached file (complete-IP6000-08-03-a6.txt) for configuration.
APPENDIX B: DETAILED TEST RECORDS VoWIFI Pass 13 Fail 0 Comments 0 Untested 21 Total 34 See attached file (WLANinteroperabilityTestReport_Aerohive.xls) for detailed test results. MISCELLANEOUS Please refer to the test specification for WLAN systems on Ascom’s interoperability web page for explicit information regarding each test case. See URL (requires login): https://www.ascom-ws.com/AscomPartnerWeb/en/startpage/Sales-tools/Interoperability
Document History Rev Date Author Description PA 2013-12-16 SEKMO Initial draft R1 2014-01-07 SEKMO Minor corrections. Revision R1
security mac-filter Ascom_intop default permit security mac-filter CompTest80211AH default permit security mac-filter CompTest80211AH1X default permit security-object CompTest80211AH security-object CompTest80211AH security protocol-suite wpa2-aes-psk ascii-key *** security-object CompTest80211AH default-user-profile-attr 1 security-object CompTest80211AH1X security-object CompTest80211AH1X security aaa radius-server primary 172.20.106.113 shared-secret *** security-object CompTest80211AH1X security aaa radius-server accounting primary 172.20.106.113 shared-secret *** security-object CompTest80211AH1X security protocol-suite wpa2-aes-8021x roaming proactive-pmkid-response ptk-rekey-period 30 security-object CompTest80211AH1X default-user-profile-attr 1 ssid CompTest80211AH ssid CompTest80211AH security-object CompTest80211AH ssid CompTest80211AH security mac-filter CompTest80211AH ssid CompTest80211AH dtim-period 5 ssid CompTest80211AH 11g-rate-set 11-basic 12 18 24 36 48 54 ssid CompTest80211AH uapsd ssid CompTest80211AH1X ssid CompTest80211AH1X security-object CompTest80211AH1X ssid CompTest80211AH1X security mac-filter CompTest80211AH1X ssid CompTest80211AH1X dtim-period 5 ssid CompTest80211AH1X 11g-rate-set 11-basic 12 18 24 36 48 54 ssid CompTest80211AH1X uapsd hive Ascom_intop hive Ascom_intop security mac-filter Ascom_intop hive Ascom_intop password *** interface wifi0 radio channel 1 interface wifi0 radio power 13 interface wifi1 mode access interface wifi1 radio channel 36 interface wifi1 radio power 13 interface mgt0 hive Ascom_intop interface wifi0 ssid CompTest80211AH interface wifi1 ssid CompTest80211AH interface wifi0 ssid CompTest80211AH1X interface wifi1 ssid CompTest80211AH1X hostname AP120_1_US admin root-admin admin password *** dns server-ip 172.20.96.20 ntp server hm-emea-002.aerohive.com clock time-zone 1 clock time-zone daylight-saving-time 03-31 01:59:59 10-27 02:59:59 config version 24 config rollback enable snmp location US_LAB@ no os-detection method dhcp-option55 os-detection method user-agent capwap client server name hm-emea-002.aerohive.com capwap client dtls hm-defined-passphrase *** key-id 1 capwap client vhm-name Ascominterop no capwap client dtls negotiation enable qos classifier-profile eth0 diffserv qos classifier-profile US-SSID1 diffserv qos classifier-profile US-SSID2 diffserv interface eth0 qos-classifier eth0 ssid CompTest80211AH qos-classifier US-SSID1 ssid CompTest80211AH1X qos-classifier US-SSID2 user-profile INTOP qos-policy def-user-qos vlan-id 1 attribute 1 no bonjour-gateway enable application reporting auto
WLAN TR
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
PASS
PASS
PASS
PASS
PASS
PASS
#105
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
PASS
PASS
PASS
PASS
PASS
PASS
#110
PASS
PASS
PASS
PASS
PASS
PASS
FreeRadius
FAIL
#111
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
See Comment
PASS
PASS
PASS
PASS
PASS
PASS
PASS
#150
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
#401
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
PASS
PASS
PASS
PASS
PASS
PASS
802.11bgn: 52ms 802.11an: 48ms, 802.11bgn:47 ms 802.11an: 26ms , 802.11bgn:28 ms 802.11an: 27ms
#408
PASS
PASS
PASS
PASS
PASS
PASS
802.11bgn: 28ms 802.11an: 25ms , 802.11bgn:31 ms 802.11an: 37ms, 802.11bgn:49 ms 802.11an: 34ms
#409
#410
PASS
PASS
PASS
PASS
PASS
PASS
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
NOT TESTED
PASS
PASS
PASS
PASS
PASS
PASS
24h+
security mac-filter Ascom_intop default permit security mac-filter CompTest80211AH default permit security mac-filter CompTest80211AH1X default permit security-object CompTest80211AH security-object CompTest80211AH security protocol-suite wpa2-aes-psk ascii-key *** security-object CompTest80211AH default-user-profile-attr 1 security-object CompTest80211AH1X security-object CompTest80211AH1X security aaa radius-server primary 172.20.106.113 shared-secret *** security-object CompTest80211AH1X security aaa radius-server accounting primary 172.20.106.113 shared-secret *** security-object CompTest80211AH1X security protocol-suite wpa2-aes-8021x roaming proactive-pmkid-response ptk-rekey-period 30 security-object CompTest80211AH1X default-user-profile-attr 1 ssid CompTest80211AH ssid CompTest80211AH security-object CompTest80211AH ssid CompTest80211AH security mac-filter CompTest80211AH ssid CompTest80211AH dtim-period 5 ssid CompTest80211AH 11g-rate-set 11-basic 12 18 24 36 48 54 ssid CompTest80211AH uapsd ssid CompTest80211AH1X ssid CompTest80211AH1X security-object CompTest80211AH1X ssid CompTest80211AH1X security mac-filter CompTest80211AH1X ssid CompTest80211AH1X dtim-period 5 ssid CompTest80211AH1X 11g-rate-set 11-basic 12 18 24 36 48 54 ssid CompTest80211AH1X uapsd hive Ascom_intop hive Ascom_intop security mac-filter Ascom_intop hive Ascom_intop password *** interface wifi0 radio channel 6 interface wifi0 radio power 12 interface wifi1 mode access interface wifi1 radio channel 44 interface wifi1 radio power 12 interface mgt0 hive Ascom_intop interface wifi0 ssid CompTest80211AH interface wifi0 ssid CompTest80211AH1X interface wifi1 ssid CompTest80211AH interface wifi1 ssid CompTest80211AH1X hostname AP121_1_US admin root-admin admin password *** dns server-ip 172.20.96.20 ntp server hm-emea-002.aerohive.com clock time-zone 1 clock time-zone daylight-saving-time 03-31 01:59:59 10-27 02:59:59 config version 10 config rollback enable snmp location "US LAB@" no os-detection method dhcp-option55 os-detection method user-agent capwap client server name hm-emea-002.aerohive.com capwap client dtls hm-defined-passphrase *** key-id 1 capwap client vhm-name Ascominterop no capwap client dtls negotiation enable qos classifier-profile eth0 diffserv qos classifier-profile US-SSID1 diffserv qos classifier-profile US-SSID2 diffserv interface eth0 qos-classifier eth0 ssid CompTest80211AH qos-classifier US-SSID1 ssid CompTest80211AH1X qos-classifier US-SSID2 user-profile INTOP qos-policy def-user-qos vlan-id 1 attribute 1 no bonjour-gateway enable application reporting auto
security mac-filter Ascom_intop default permit security mac-filter CompTest80211AH default permit security mac-filter CompTest80211AH1X default permit security-object CompTest80211AH security-object CompTest80211AH security protocol-suite wpa2-aes-psk ascii-key *** security-object CompTest80211AH default-user-profile-attr 1 security-object CompTest80211AH1X security-object CompTest80211AH1X security aaa radius-server primary 172.20.106.113 shared-secret *** security-object CompTest80211AH1X security aaa radius-server accounting primary 172.20.106.113 shared-secret *** security-object CompTest80211AH1X security protocol-suite wpa2-aes-8021x roaming proactive-pmkid-response ptk-rekey-period 30 security-object CompTest80211AH1X default-user-profile-attr 1 ssid CompTest80211AH ssid CompTest80211AH security-object CompTest80211AH ssid CompTest80211AH security mac-filter CompTest80211AH ssid CompTest80211AH dtim-period 5 ssid CompTest80211AH 11g-rate-set 11-basic 12 18 24 36 48 54 ssid CompTest80211AH uapsd ssid CompTest80211AH1X ssid CompTest80211AH1X security-object CompTest80211AH1X ssid CompTest80211AH1X security mac-filter CompTest80211AH1X ssid CompTest80211AH1X dtim-period 5 ssid CompTest80211AH1X 11g-rate-set 11-basic 12 18 24 36 48 54 ssid CompTest80211AH1X uapsd hive Ascom_intop hive Ascom_intop security mac-filter Ascom_intop hive Ascom_intop password *** interface wifi0 radio channel 1 interface wifi0 radio power 13 interface wifi1 mode access interface wifi1 radio channel 36 interface wifi1 radio power 13 interface mgt0 hive Ascom_intop interface wifi0 ssid CompTest80211AH interface wifi1 ssid CompTest80211AH interface wifi0 ssid CompTest80211AH1X interface wifi1 ssid CompTest80211AH1X hostname AP330_1_US admin root-admin admin password *** dns server-ip 172.20.96.20 ntp server hm-emea-002.aerohive.com clock time-zone 1 clock time-zone daylight-saving-time 03-31 01:59:59 10-27 02:59:59 config version 5 config rollback enable snmp location SupportLab@ no os-detection method dhcp-option55 os-detection method user-agent capwap client server name hm-emea-002.aerohive.com capwap client dtls hm-defined-passphrase *** key-id 1 capwap client vhm-name Ascominterop no capwap client dtls negotiation enable qos classifier-profile eth0 diffserv qos classifier-profile US-SSID1 diffserv qos classifier-profile eth1 diffserv qos classifier-profile red0 diffserv qos classifier-profile agg0 diffserv qos classifier-profile US-SSID2 diffserv interface eth1 qos-classifier eth1 interface eth0 qos-classifier eth0 ssid CompTest80211AH qos-classifier US-SSID1 ssid CompTest80211AH1X qos-classifier US-SSID2 user-profile INTOP qos-policy def-user-qos vlan-id 1 attribute 1 no bonjour-gateway enable application reporting auto

Documents

Interoperability Report Aerohive 6.1r2 R1