AirTight SA-250, Installation Manual

Page 1: ...Installation Guide SA 250 Server 339 N Bernardo Avenue 200 Mountain View CA 94043 www airtightnetworks com 2003 2015 AirTight Networks Inc All rights reserved ...

Page 2: ...This page is intentionally left blank ...

Page 3: ...ECTION OF THIS DOCUMENT LIMITATION OF LIABILITY AirTight Networks will not be liable to customer or any other party for any indirect incidental special consequential exemplary or reliance damages arising out of or related to the use of AirTight Wi Fi AirTight WIPS AirTight Cloud Services and AirTight devices under any legal theory including but not limited to lost profits lost data or business int...

Page 4: ...nect the server to the network and your computer and configure the server 4 Server Config Shell Commands Lists a pre defined set of commands that allow you to configure and view the status of the Server 5 Set Up and Manage Server Cluster Describes how to set up and manage a server cluster 6 Troubleshooting Provides troubleshooting tips while installing the server and sensor 7 Backup and Restore Da...

Page 5: ...de o Installation Guide o Quick Setup Guide o Release Notes o Upgrade Instructions o High Availability Configuration o Network Detector Configuration Power cord Network interface Ethernet cable Serial cable Rack mounting accessories Figure 2 2 1 SA 250 Server Package Contents If the package is not complete please contact AirTight Networks Inc Technical Support at support airtightnetworks com or re...

Page 6: ...ior of the power switch Table 3 1 SA 250 Server Power Switch Behavior Action System Behavior Recommended User Action Push the power switch for 2 seconds Graceful shutdown of the server similar to restarting the server No action is required as the server restarts automatically Push the power switch for more than 4 seconds Hard shutdown of the server similar to disconnecting the power cable Press th...

Page 7: ...ct the server to the network and a computer Figure 3 2 Rear Panel Ports of SA 250 Server The rear panel of SA 250 Server has a serial port RS 232 F F a network interface port RJ 45 10 100 1000 Ethernet a high availability HA port RJ 45 10 100 1000 Ethernet and a power connector Use the power connector to power the server using 110 240V 50 60 Hz AC input Connect the power connectors to two differen...

Page 8: ... Protocol Network Interface Used to connect the server to the enterprise network RJ 45 Settings 10 100 1000 Mbps Protocol Ethernet High Availability Used to connect the server to the other servers in a high availability cluster RJ 45 Settings 10 100 1000 Mbps Protocol Ethernet ...

Page 9: ...is chapter explains how to connect and configure the SA 250 server Connecting the SA 250 Server Connecting the server involves mounting the server appliance powering on the server and connecting it to the network Mount the Server Appliance Place the server on the rack and mount it using the rack mounting accessories Figure 4 1 Mount SA 250 Server ...

Page 10: ...ower switch on the front panel of the server Note On connecting the power cable and pressing the power switch the power LED should turn solid green Connect the SA 250 Server to Enterprise Network After connecting the power cables you must connect the server to your enterprise network Connect the network interface port on the server to the desired subnet using the Ethernet cable provided to you as ...

Page 11: ...ng steps 1 Connect your computer to the same subnet where the server is connected 2 Change the IP address of your computer to 192 168 1 XXX For example 192 168 1 244 3 Open SSH on your computer and press Enter or Space on the SSH Secure Shell dialog 4 Access the default server IP address 192 168 1 246 as shown in the following figure Figure 4 4 Access Default Server IP Address 5 Login using the us...

Page 12: ...ess the server using a serial RS 232 cable as shown in the following figure and then follow the steps listed below the figure Figure 4 5 Accessing Server using Serial RS 232 Cable 1 Launch the HyperTerminal from Start All Programs Accessories HyperTerminal on your system Figure 4 6 HyperTerminal ...

Page 13: ...Enter a name for the HyperTerminal connection in the Name field b Select an icon to identify the new connection c Click OK Figure 4 7 Connection Description 3 Specify the HyperTerminal connection details by selecting or entering the appropriate connection information and click OK Figure 4 8 HyperTerminal Connection ...

Page 14: ...tup Wizard At the first boot of the server the Server Initialization and Setup Wizard is displayed This wizard helps you to map the Backspace key change the configuration password change the network settings and set the server ID of the server You can retain the default values at each step by pressing Enter The wizard is displayed at the first boot or at every reboot if the server is not configure...

Page 15: ...re configuring the network settings you are prompted to map the Backspace key to work properly Figure 4 10 Configure the Backspace Key The Server Initialization and Setup Wizard appears as shown in the following figure Figure 4 11 Server Initialization and Setup Wizard ...

Page 16: ... Address Choose an IP address that is compatible with the network segment on which the server is connected The server must belong to the same subnet Subnet Mask Enter the mask of the network segment to which the server is connected Gateway IP Address Enter the IP address of the gateway for the subnet on which the server is connected Ethernet traffic from the subnet is forwarded to another network ...

Page 17: ...SA 250 Server Installation Guide 15 Figure 4 13 Configure Network Settings Figure 4 14 Confirm Network Settings Figure 4 15 Enable IPv6 Support ...

Page 18: ... server You must select a continent and then a country to set the time zone You can change the server date and time manually or using an NTP server To set the server date and time using an NTP server you must specify the NTP server IP address or the DNS name of the NTP server Figure 4 16 Set Server Time Zone Date and Time ...

Page 19: ...ng is important only if you have a multi server installation If you have only one server the server ID should be the default value 1 Figure 4 17 Set Server ID Set Server Tag An AirTight server can be assigned a tag that could be used to identify the server and specific files and objects associated with that server By default the server tag is blank Figure 4 18 Set Server Tag You can reset the serv...

Page 20: ...ess y to reboot the server for the changes to take effect If you choose to reboot later press n The server Config Shell prompt appears You must reboot the server on completion of the Initialization and Setup Wizard before you access the server from the AirTight Management Console GUI Note On the Config Shell prompt you can type the help command to view the list of available commands ...

Page 21: ...tware is available on your computer before launching the console Table 4 1 Hardware Requirements Hardware Requirements Processor Intel P4 X86 architecture platform or equivalent Processor Speed 1 4 GHz minimum Memory 1 GB minimum Screen Resolution 1024X768 recommended Table 4 2 Software Requirements Software Requirements Operating System OS Windows 2000 or XP Browser Internet Explorer IE 9 0 or hi...

Page 22: ... File and browse to the license key file and select it The label of the button can vary between Choose File and Browse based on the Web browser used The functionality remains the same 3 Click Apply Figure 4 21 Choose File If the license key is valid the Login screen is displayed Else an error message is displayed You can log in with user name admin and password admin ...

Page 23: ...ckup info Sets scheduled DB backup information upload db backup Uploads last successful database backup to external server Table 5 2 get Commands Command Description get allowed ip Displays the list of IP addresses or subnets that are allowed to access this device get cert Generates a self signed certificate get certreq Generates a Certificate Signing Request CSR get date Displays the current time...

Page 24: ...og level gui Displays the log levels of GUI modules get log level msmcontroller Displays the log level of HP MSM Controller Integration module get log level wlc Displays the log level of Cisco WLC Adapter module get msmcontroller cert Generates a self signed certificate for HP Adapter get msmcontroller certreq Generates a Certificate Signing Request for HP Adapter get network Displays the network ...

Page 25: ...scription set allowed ip Sets the list of IP addresses or subnets that are allowed to access this device set cert Installs a signed SSL certificate issued for the request generated using get certreq set date Sets the current time zone date and time information on the server the server must be rebooted for the date time information to take effect set dbserver Starts stops the database server set er...

Page 26: ...tatic routing configuration set license Downloads license from remote server and applies it on the AirTight server set log config Sets the configuration of the logger set log level aruba Sets the log level of Aruba Mobility Controller Adapter Module set log level gui Sets the log levels of GUI modules set log level msmcontroller Sets the log level of HP MSM Controller Integration set log level wlc...

Page 27: ...erver to identify the server and the files and objects associated with the server set ssh Starts stops the SSH access to the server set lldp Sets LLDP configuration set webserver Starts stops the Web server set wlc mapper Manages Cisco WLC Custom Mapper file Table 5 4 Miscellaneous Commands Command Description exit Exits the config shell session help Displays help for all the commands passwd Allow...

Page 28: ...luster or a child server from a cluster When executed on a parent server the entire cluster is destroyed and all servers in the cluster behave as standalone servers This command can be executed on parent server or child server When executed on a child server it eliminates the relationship between the child server and the parent server The rest of the cluster remains intact IMPORTANT It is recommen...

Page 29: ...parent server to a server cluster 2 Add a child server to a server cluster 3 Delete or remove a child server from a server cluster 4 Delete an entire server cluster 5 Check the status of servers in a cluster or check if a server is part of a cluster The servers in a server cluster are assigned IDs when they become a part of the server cluster A parent server is assigned 1 as ID in the cluster As a...

Page 30: ...ter Add Child Server to Server Cluster There are two ways to add a child server to a server cluster 1 Use the server cluster setup wizard available after executing the cluster set command This has been explained in the Set Up Server Cluster section 2 Execute cluster add child command This command must be executed on the command line of the parent server This is explained below To add a child serve...

Page 31: ...ter the link between the parent server and the child server is broken The rest of the server cluster continues to function as a cluster To delete a child server from a server cluster do the following 1 Login to the server command line interface of the parent server with config user credentials 2 Execute the command cluster delete child on the command line You are prompted to enter the ID of the ch...

Page 32: ...rver with config user credentials 2 Execute the command cluster reset on the command line You are prompted to confirm cluster reset 3 Enter y to confirm cluster reset or deletion of the server cluster The cluster is deleted Refer to the screenshot below for the cluster reset command Figure 6 4 cluster reset Command Note When the cluster reset command is executed on a child server command line it r...

Page 33: ...and on a server that may or may not be in a server cluster that is you can execute this command on any active server To check the status of a server do the following 1 Login to the server command line interface of the server with config user credentials 2 Execute the command cluster show status on the command line The status of the server is returned by the command Refer to the screenshots below f...

Page 34: ...ilability mode and in a server cluster setup You can set or change a server tag from the CLI by using the set server tag command For example config set server tag Configure custom tag for files generated by this server Current custom tag Do you want to set reset the prefix S et R eset R S Enter custom tag upto 16 characters Srv USeast 03 A server tag can contain a maximum of 16 characters Only alp...

Page 35: ...N YYYY HHMMSS tgz New Name AMC_Srv USeast 03_backup_ETH0MAC_YYYYMMDDHHMMSS tgz Database backup file containing configuration settings only Old Name wss_backup_ETH0MAC_DD MON YYYY HHMMSS tgz New Name AMC_Srv USeast 03_backup_ETH0MAC_YYYYMMDDHHMMSS_Config tgz Debug file Old Name server_ ETH0MAC_MMDDHHMM tgz New Name AMC_Srv USeast 03_debug_ETH0MAC_YYYYMMDDHHMMSS tgz Connection debug logs Old Name cl...

Page 36: ...Seast 03_Visib_Analytics_YYYYMMDDHHMMSS csv Association Analytics Old Name Association_Analytics_MMDDYYYY_HH_MM_SS csv New Name AMC_Srv USeast 03_Assoc_Analytics_YYYYMMDDHHMMSS csv AirTight Mobile Configuration Policy Old Name sgc_group_profile_GROUPID xml New Name AMC_Srv USeast 03_sgc_group_profile_GROUPID xml AirTight Mobile Client Report Old Name ReportsRANDOMNUMBER html New Name AMC_Srv USeas...

Page 37: ...the network Change the IP address of the server using the set network command No sensors connect to the server after setting the server ID The server ID used by the server may be used by another server on the network Verify that no other server with the server ID set for the server is running on the network Change the server ID using the set serverid command No connection to the server Check if th...

Page 38: ... upgrade the sensor should connect to the server if the server is using the factory default passphrase If you have changed the passphrase on the server log in to the sensor and set the correct passphrase No events are being reported or the device status is stale not updated Check the status of the server on the Administration screen If the Current Status field shows or click the Start Server butto...

Page 39: ...s in the set management interface command Some examples of outgoing traffic and remote hosts networks are Server where database backup is uploaded LDAP RADIUS servers SMTP server to send out e mails of events and reports ESM Servers Syslog CEF SNMP NTP server LLDP receiver Upgrade availability In the case of an HA setup the management interface must be set on the active and standby server The HTTP...

Page 40: ... want to continue to add delete networks After all the configurations are completed the Web server is restarted Figure 9 1 set management interface Command Get Management Interface You can obtain the status of the management interface and the corresponding settings by running the get management interface command The following is a sample output of this command config get management interface Displ...

Page 41: ...ng the set management interface command On running the set management route command a CLI wizard is initiated 1 Specify whether you want to add or delete networks that would be accessible through the management interface 2 If you are adding a network enter the IP address and subnet mask for the network 3 If you are deleting a network enter a comma separated list of network IDs that are show in the...

Page 42: ...ment interface by running the get management route command The following is a sample output of this command config get management route Displays networks whose traffic will be sent over Management Interface Traffic destined to following subnets will go over Management Interface with Default gateway as 192 168 11 254 1 192 168 120 0 22 ...

Page 43: ...a and files are archived in to the backup file The full backup takes a complete backup of the configuration and data In the case of a configuration only backup the following data and files are not backed up Events Performance data Analytics data All OSS BSS CSV files of Performance Statistics Archived Reports Fetched AirTight Mobile reports Transient Data o SSIDs Probed by Clients o Client fingerp...

Page 44: ...ackup file must be stored 4 Specify the type of backup Type F for a full backup and C for a configuration only backup 5 If you are performing a full back and have applied the appropriate licenses on the server a You might be prompted whether to back up the Analytics data Type Y to back up the Analytics data b You might be prompted whether to back up the Performance data Type Y to back up the Perfo...

Page 45: ...SA 250 Server Installation Guide 43 The following figures show an example of full backup and configuration only backup by using the db backup command Figure 10 2 Full Backup ...

Page 46: ...SA 250 Server Installation Guide 44 Figure 10 3 Configuration only Backup ...

Page 47: ...le details on the AirTight Management Console under Configuration System Settings System Status The following image illustrates the backup files stored on the server as seen on the AirTight Management Console Figure 10 4 Backup Files on AirTight Management Console ...

Page 48: ...h the database backup file is stored Option Description Transfer protocol backup method The available options are SCP Type S for using the SCP protocol SFTP Type T for using the SFTP protocol FTP Type F for using the FTP protocol Remote Server IP address DNS name IPv4 or IPv6 address or FQDN for the remote server Ensure that the server is reachable over the network Remote Server Password Password ...

Page 49: ...SA 250 Server Installation Guide 47 Refer to the following image for the db restore command Figure 10 5 db restore Command ...

Page 50: ...se Backup Schedule Status You can check the status of a database backup schedule by running the get status command The Schedule DB Backup in the command output specifies the recurrence schedule and backup type Figure 10 6 Check Backup Schedule Status ...

Page 51: ...changing the shared secret are provided on both server and sensor Alternatively you can modify this shared secret from Server GUI console as well Note When the server is backward compatible that is pre version 6 2 sensors can connect to a version 6 8 server However this is not recommended After all sensors have been upgraded to version 6 8 the set sensor legacy authentication CLI command can be us...