• Author : Campus TAC Solutions

 
 

How to Assign a Static IP to an Arista AP via CloudVision WiFi

Introduction This article explains how to setup Static IP address on Arista APs via CloudVision WiFi. Prerequisites Administrator access to CloudVision WiFi (CVW) / Wireless Manager (WM). The AP must show Active status on CVW. Solution Static IP address can be assigned to any Arista AP using the “Additional VLAN Monitoring” option. To enable this, navigate to Monitoring > WiFi > Access Points Right-click the AP to which you want to assign Static IP address and select Customize > Additional VLAN Monitoring. In the right hand side panel, select Add VLANs to Monitor, enter the VLAN ID and click Add....
Continue reading →

How to Integrate Cisco Wireless LAN Controller with CloudVision WiFi

Introduction This article describes the steps to integrate Cisco Wireless LAN Controller with CloudVision WiFi. Wireless LAN Controllers (WLC) govern a collection of Lightweight Access Points (APs). Light Weight Access Point Protocol (LWAPP) defines the network protocol between the APs and WLC. The Cisco Unified WLAN architecture consists of WLC and APs. At any time, the WLC has all the information about the APs and devices seen or associated with these APs. Integration with Cisco WLC allows the system to fetch this information from WLC. Using this information the system can automatically classify devices managed by WLC and do location...
Continue reading →

How to Troubleshoot WiFi Client Connectivity Issues

Introduction This article describes how to troubleshoot client connectivity issues using CloudVision WiFi. Prerequisites Access to CloudVision WiFi Knowledge of affected Clients (MAC address/IP address) Solution Troubleshoot Based on Connectivity Dashboard Troubleshoot Based on Known Failures/Clients Troubleshoot Based on Client Failure Alerts Live Troubleshooting Troubleshoot Based on Connectivity Dashboard The quickest way to identify clients facing connectivity issues across a site is by using the Client Journey widget on the Connectivity Dashboard, which is a live feed for all the clients attempting to connect and gain access to the network. The Client Journey widget is divided into four parts: Total...
Continue reading →

Syslog Server Integration with CloudVision WiFi

Introduction This article describes how an external syslog server can be integrated with CloudVision WiFi. Prerequisites Access to CloudVision WiFi Information about the syslog server to integrate like IP address and port. Cloud Integration Point device (if using Cognitive WiFi cloud) Solution CloudVision WiFi can be used as a cloud service or with on-premises Wireless Manager. Syslog server integration can be configured at System > Third-Party Servers > Syslog.   Check Enable Syslog Servers and click “Add” to input a new syslog destination. If your syslog is on a public IP address, the integration is straightforward and you can enter...
Continue reading →

How to Troubleshoot Arista AP Connection to the Cloud

Introduction This article describes how to troubleshoot the Arista AP connectivity to the Cognitive WiFi cloud. When the AP has disconnected from the cloud service, it will appear Inactive on the CloudVision WiFi / Wireless Manager UI. Prerequisites Access to the CloudVision WiFi (CVW) or Wireless Manager (WM) UI. config CLI access to the Arista AP. Solution Step 1 Check if the AP is provisioned on your cloud service. On CloudVision WiFi, navigate to Monitor > WiFi > Access Point and hover your mouse cursor on the Status icon beside the AP in question. A green icon indicates that it...
Continue reading →

How to Upgrade Access Points to a Specific Build (On-Premises)

Introduction This article describes how to update the firmware on Arista Access Points via the On-Premises Wireless Manager server. On the Arista Cognitive WiFi Cloud, the AP firmware update bundle will be available via the cloud. CloudVision WiFi or the Wireless Manager UI will indicate if new firmware is available for any APs and you can initiate the firmware update for these devices from the UI. If you are using an on-premises Wireless Manager server with Internet connectivity, that is configured to sync with the cloud firmware repository, the update bundle will be available on Wireless Manager itself, after it...
Continue reading →

Troubleshooting an AP in "Non-Recoverable" State after Firmware Update Failure

Introduction This article will assist you in troubleshooting when an AP goes into a “non-recoverable” state. This may happen if the device suddenly loses loses power or connectivity with the cloud/on-prem WiFi management server during the firmware update process. On CloudVision WiFi, the Update column shows that “Firmware Update Failed” for the AP in question. On Wireless Manager you will see the icon beside the AP listing, indicating that the device is in a “non-recoverable” state. Prerequisites Access to the CloudVision WiFi (CVW) or Wireless Manager (WM) UI. config CLI access to the Arista AP or a crossover cable and...
Continue reading →

Troubleshooting an AP in "Non-Recoverable" State after Firmware Update Failure

Introduction This article will assist you in troubleshooting when an AP goes into a “non-recoverable” state. This may happen if the device suddenly loses loses power or connectivity with the cloud/on-prem WiFi management server during the firmware update process. On CloudVision WiFi, the Update column shows that “Firmware Update Failed” for the AP in question. On Wireless Manager you will see the icon beside the AP listing, indicating that the device is in a “non-recoverable” state. Prerequisites Access to the CloudVision WiFi (CVW) or Wireless Manager (WM) UI. config CLI access to the Arista AP or a crossover cable and...
Continue reading →

Interpreting EoGRE Traffic Using Wireshark

Introduction The Ethernet over GRE (EoGRE) is an unencrypted, stateless, Layer 2 tunneling technology. EoGRE encapsulates Ethernet packets and provides the ability to set up one or more tunnels from an AP to an aggregation device such as a Router. There is no connection setup or tear-down procedure. As such, the tunnel interface always remains ON and ready to send/receive on the AP side. This article describes how to interpret EOGRE traffic using Wireshark. Solution The GRE header has the following fields: Checksum – 1 bit. This field is assumed to be zero in this version. If set to 1,...
Continue reading →

Interpreting EoGRE Traffic Using Wireshark

Introduction The Ethernet over GRE (EoGRE) is an unencrypted, stateless, Layer 2 tunneling technology. EoGRE encapsulates Ethernet packets and provides the ability to set up one or more tunnels from an AP to an aggregation device such as a Router. There is no connection setup or tear-down procedure. As such, the tunnel interface always remains ON and ready to send/receive on the AP side. This article describes how to interpret EOGRE traffic using Wireshark. Solution The GRE header has the following fields: Checksum – 1 bit. This field is assumed to be zero in this version. If set to 1,...
Continue reading →

Can I Use LDAP to Authenticate Wireless Users?

Introduction As the number of users in an organization increases, so does the need for a centralized database for user management. Arista APs can be used to authenticate users who sign in to WiFi, using their credentials stored in a centralized or distributed database. Lightweight Directory Access Protocol (LDAP) cannot be directly implemented as an authentication mechanism by an Arista AP, primarily because the Arista APs do not support this protocol for authentication. Another reason is that LDAP is not really an authentication protocol but a directory lookup/access protocol, for querying and modifying items in directory service providers like Active...
Continue reading →

CDE Networks and Their Relevance to PCI Standards

Introduction In this article we will discuss CDE networks in the context of PCI DSS reports on CloudVision WiFi. First let’s understand what these acronyms mean. PCI DSS: The Payment Card Industry Data Security Standard is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment. Therefore, wirelesses being an important part of the network, will also have to follow the set of security standards defined under PCI DSS. CDE: Over the years, PCI DSS has come up with enhancements in the defined standards, PCI DSS...
Continue reading →

CDE Networks and Their Relevance to PCI Standards

Introduction In this article we will discuss CDE networks in the context of PCI DSS reports on CloudVision WiFi. First let’s understand what these acronyms mean. PCI DSS: The Payment Card Industry Data Security Standard is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment. Therefore, wirelesses being an important part of the network, will also have to follow the set of security standards defined under PCI DSS. CDE: Over the years, PCI DSS has come up with enhancements in the defined standards, PCI DSS...
Continue reading →

AP Classification with Arista WIPS

Introduction This article explains the classification of Access Points on Wireless Manager, based on tests performed to get their wired identity and their activity in your network. Solution AP Categories Authorized Access Point Access Points (APs) that are wired to the corporate network and are compliant with the Authorized Wireless LAN (WLAN) configuration defined by the Administrator on Wireless Manager (WM) are classified as Authorized APs. Typically, these will be Arista APs, but the administrator can configure the Authorized WLAN policies for any AP vendors. Arista APs/Sensors monitor the corporate VLANs and perform various connectivity tests over the wired network...
Continue reading →

Essential Guide to Client Classification with Arista WIPS

Introduction Client classification policies define the how the wireless clients are going to be classified based on their initial discovery or the AP association. It is vital feature that is used to leverage the WIPS functionality appropriately. Prerequisites Administrative access to Wireless Manager. Solution Correct classification of wireless clients is necessary for effective Intrusion Prevention. Client Auto-classification settings are present on Wireless Manager at Configuration >WIPS > Client Auto-classification. Initial Client Classification Enabling this feature will ensure that new clients seen by the Arista AP/Sensor are automatically assigned to one particular category which may be External/Authorized/Guest, according to the administrator’s...
Continue reading →

Working of a Hidden SSID

Introduction In conventional WLANs, APs advertise their presence by sending out beacon frames that include their Service Set Identifier (SSID) and Basic Service Set Identifier (BSSID). Prior to association, clients gather information about the APs by scanning the channels one by one and listening for beacons on each channel. This is called “Passive scanning”. Clients also perform “Active scanning”, whereby they send out Probe Request frames on each channel. These are requests for APs to send out information about themselves. APs respond to Probe Requests with Probe Response frames, the contents of which are similar to beacon frames. Once the...
Continue reading →

Working of a Hidden SSID

Introduction In conventional WLANs, APs advertise their presence by sending out beacon frames that include their Service Set Identifier (SSID) and Basic Service Set Identifier (BSSID). Prior to association, clients gather information about the APs by scanning the channels one by one and listening for beacons on each channel. This is called “Passive scanning”. Clients also perform “Active scanning”, whereby they send out Probe Request frames on each channel. These are requests for APs to send out information about themselves. APs respond to Probe Requests with Probe Response frames, the contents of which are similar to beacon frames. Once the...
Continue reading →

How to Check EOGRE Tunnel Status on CloudVision WiFi

Introduction This article explains how to verify the status of the GRE/IPSec tunnel on CloudVision WiFi. Prerequisites CloudVision WiFi version 2.4 or higher. 802.11ac capable Arista APs. Solution In order to view the status of the tunnel formed by the AP(s) with remote endpoints, navigate to Monitor > WiFi > Tunnels. The green dot indicates that the status of the tunnel is up/active, and the red dot indicates that the tunnel is down/disconnected. The AP will check for the increase in Receiving Packet count (Rx) in order to determine the status of the tunnel. In case there is no increase...
Continue reading →

Introduction to Stream Marker Packets

Introduction This document describes the Stream Marker enhancement that avoids any potential impact of Marker packets on AP performance. Marker packets are injected by Arista APs and sensors to detect Rogue APs. In some cases, the Marker packets themselves may adversely impact the performance of other APs, as these are broadcast packets forwarded at basic rates on the wireless side. Prerequisites Administrator privileges on Wireless Manager and CloudVision WiFi. Solution The number of Marker packets seen on the wireless side is multiplied by the number of VLANs and the number of APs on the same channel in the vicinity. With...
Continue reading →

How to enable BLE (Bluetooth Low Energy) on CloudVision WiFi

Introduction Bluetooth beacon advertising is a wireless personal area network technology that is used in healthcare, fitness, security based applications, etc. Bluetooth beacons use Bluetooth Low Energy (BLE) proximity sensing to transmit universally unique identifier picked up by a compatible app or operating system. This identifier, along with several bytes sent with it, can be used to determine a device’s (e.g. Smartphones) physical location, track customers, or trigger location based actions on device such as check-in on social media. Another use is distributing messages at a specific point of interest, e.g. a shopping mall or bus stop to advertise products...
Continue reading →

Follow

Get every new post on this blog delivered to your Inbox.

Join other followers: