Breakout - Airheads Macau 2013 - WLAN Management & Troubleshooting with AirWave

CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 1 #airheadsconf#airheadsconf

WLAN Management & Troubleshooting with AirWave

Carl Mower, VP Network Management EngineeringNovember 2013

CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 2 #airheadsconf

AirWave overview

Diagnosing client RF problems

Proactive management

Visual RF

Reports

Triggers & Alerts

Rogue detection

Configuration

AirWave 8.0 Multi-Server

Agenda

Coming soon in

8.0

Everything in this presentation is from AirWave 7.7, unless

specially noted by:


AirWave overview



Visual RF

Reports

Triggers & Alerts

Rogue detection

Configuration


Agenda


AirWave manages it all

Aruba WLAN

Aruba Networks

Controllers & APs

Instant

Wired

Aruba

Any MIB-II compliant

device

Legacy WLAN

Migrate from

Cisco

Motorola

Legacy

Users & Devices

Classification & reporting

Integration with MDM

Monitor network activity

Outdoor / Mesh

Aruba AirMesh

Aruba AP175


Aruba Management Architecture

APs / AMs• 802.11 radios• Integrated IDS/IPS• Spectrum Analysis

Controller (or VC)• Centralized Radio Management• Role based Policy Enforcement

AirWave• Long-term History & Trending• WLAN Troubleshooting• Visualization & Reporting


Data Flow to AirWave

SNMP

Trap

sAM

ON

Airwave

ControllerH

TTPS

VirtualController

NMSEmail, SNMP, Syslog


AirWave Groups & Folders

GroupsDefine Configuration StandardDevices share config in GroupDefines polling intervals and protocolShare same Firmware level on devicesGroups are non-hierarchical

FoldersSimilar to Directory structure on your PCCommon monitoring, alertingControl role based accessHierarchical based organizationNo limit on level depth

Every device associated with ONLY ONE Group and Folder


AirWave 7.7 & 8.0

AirWave 7.7

– 10 new visibility features (see next)

– Application visibility

– No more Flash graphs

– Support 11ac, new APs, AOS 6.3

– Support for IAP 3.3

– SNMP AMON for client & AP data

– VisualRF speedup

– Separate firmware download & reboot

– Integration w/ Image Server

– Added Cisco 1600 & 2600

– Run commands repeatedly

AirWave 7.7.6

– IAP GUI config

– 7.3 switch config profiles

– Zero-touch config for switches

AirWave 8.0

– Support for IAP 3.4 & 4.0

– Multi-server AirWave

– UI refresh including migration of VisualRF to HTML5

Coming soon in

8.0


New Visibility Features Added in 7.7

1. Watched Clients – to show status of VIP clients

2. RF capacity dashboard – to show heavily-used radios/APs

3. Anomaly detection – to find anomalies in client counts or bandwidth used

4. Client steering table & report – to show ARM3.0 steering events

5. Graphs no longer in Flash – to enable AirWave on iPads

6. AppRF – to show PEF session data over time

7. Client health metric added to existing RF performance dashboard

8. Client health indications displayed for clients on VisualRF floorplans

9. Summarize reports by folder –show heaviest usage by folder/geography

10.Trigger enhancements – eliminate stale events


AirWave overview



Visual RF

Reports

Triggers & Alerts

Rogue detection

Configuration


Agenda


User “gmurphy” calls helpdesk…


Client Diagnostic View


Overlay: Client Location


Overlay: Heatmap


Overlay: Data Rate


Overlay: Client Health


Client Match Events


Client Match Events - Detail


Client Detail


Detailed information for the selected client:

• Device info

• Current association

• Graphs

• Current location (VRF)

• Alerts for that client

• Client match events

• Radios that hear client

• Association history

• Device events

Client Detail


Radio Diagnostics


All Graphs in 7.7 Now HTML5

Graphs in AirWave 7.6 and earlier were Flash-basedAll graphs in AirWave 7.7 are converted from Flash to HTML5


All Graphs in 7.7 Now HTML5

By clicking on a graph, can then zoom in/out, pan, and hover (to get values for each point)


Run CLI command(s) at intervals


AirWave overview



Visual RF

Reports

Triggers & Alerts

Rogue detection

Configuration


Agenda


Application Visibility

Collections of 9-tuples:

• Source-IP

• Source-port

• Destination-IP

• Destination-port

• Protocol

• Device type (Win7, iPad, iPhone…)

• Role (employee, guest…)

• ESSID (production, guest…)

• Location (folder)


Application Visibility: Overview


Application Visibility: by Destination


Application Visibility: by ESSID


RF Performance


RF Capacity

2 radios were “heavily utilized” 80-100% of the time.

(“Heavily utilized” is 80%+ utilization).

(Only “on time” is considered. That is, blocks of time the radio is doing something, not the middle-of-the-night).


RF Capacity


Watched Clients


Network Deviations


Network Deviations

Anomalies illustrated for clients and bandwidth.

Shown here, the current reading (blue, green), plotted against 40-week average +/– one standard deviation.

Average for any given period of time, (for example, noon-12:10 on a Friday), is calculated for that same time-period (noon-12:10) for the previous 40 Fridays.

(Average is NOT simply the previous few days).


AirWave overview



Visual RF

Reports

Triggers & Alerts

Rogue detection

Configuration


Agenda


VisualRF

Review Coverage Heatmaps


VisualRF

Visualize Rogue AP Location

Locate Interference sources


VisualRF


VisualRF 8.0: FlashHTML5 for iPad

In AirWave 8.0, VisRF moves to HTML5.Coming soon in

8.0


VisualRF 8.0: HTML5

Coming soon in

8.0


AirWave overview



Visual RF

Reports

Triggers & Alerts

Rogue detection

Configuration


Agenda


Custom & Pre-Defined Reports

20 pre-defined reports to choose from…

…or make a custom report from any combination of the 170+ “sections” available above


Custom Reports

Filter custom reports by:

• Folder

• Group

• [Infrastructure] Device type

• ESSID

• End-user role

• Client: OS, chipset, manufacturer

Also:

• Pick report range (start, end)

• Schedule recurring report execution

• Email report

• HTML, CSV, PDF


Custom & Pre-Defined Reports

Now to highlight 4 reports…


RF Health Report


Client Session Report


Client Steering Report

Client match actions by:

• Folder

• AP

• Client

Details of each match




• Steers by device type

• By steering reason

• By band (11ac, n-5G, n-2.4)


PCI Compliance Report

Shows results of an audit of the WLAN against specific PCI requirements.

For each PCI requirement, shows failing cases, (if any).


Most by Folder (Region) Report

Summarize max concurrent clients and utilization by folder.

When each folder represents a geographic location, useful to find “busiest” locations.


AirWave overview



Visual RF

Reports

Triggers & Alerts

Rogue detection

Configuration


Agenda


Triggers

35 different trigger types.


Triggers

Configurable attributes common to all triggers:

• Severity (normal, warning, minor, major, critical)

• Limit by folder

• (If folder specified…) do/do-not include sub-folders

• Limit by group

• Notes

• Alert via Email (if so: specify sender Email and 1+ recipients)

• Alert to NMS (if so: select 1 or more destinations)

• Optionally suppress future alerts until first is acknowledged

Also, limiting conditions unique to each trigger typeA few select triggers and their unique conditions are highlighted…


Triggers


Triggers: Device Down


Triggers

Device Down

• Limit number of outstanding down events

• Must be down X minutes

• Suppress thin-AP-down when controller down

• Suppress device-down when upsteam device is down

• By device type (AP, controller, RAP, switch…)

• Minutes down threshold

Device Up

• Auto acknowledge corresponding down event

• Match by device type (AP, controller, RAP, switch…)


Triggers

AP Usage

• Direction: up, down, combined

• Threshold & duration to measure

Channel Utilization

• Interference %

• By radio type (11ac, 11a, 11b, 11g, 11n, …)

• Time busy, receiving, transmitting

Radio Noise Floor


• Noise floor



Triggers

Device Event

• Event contains sub-string

• Event type (syslog, SNMP trap)

• SNMP trap category (HW, IDS, client security, AP security, rogue…)

• Syslog category and/or severity

Radio Down / Radio Up


802.11 Frame Counters / 802.11 QoS Counters

• 110+ different counters by threshold

New client discovered

New device discovered



Triggers

Interface Usage

• Interface label, mode, name

• Interface speed in / out (Mbps)

• Interface type


Config Mis-match

Device Resources


• CPU or memory threshold

Rogue Device Classified

• By classification (valid, neighbor, rogue, …)

• Confidence level

• Threat level


Alerts


AirWave overview



Visual RF

Reports

Triggers & Alerts

Rogue detection

Configuration


Agenda


Rogue: Rules


Rogue: Add a Rule


Rogue: Rules

Detected on WLAN, LAN

Detecting AP Count (at least, at most)

Encryption Type

Network Type (Infrastructure, AdHoc)

Signal Strength

SSID (matches, does not match, regex)

Detected Client Count

IP Addresss

Manufacturer


Rogue: List


Rogue: List Columns

Classification (rogue, neighbor, valid)

Threat Level

Classifying Rule

Controller Classification

Heard on Wire?

Number of Detecting APs

SSID

Signal Strength

Encryption Type

Wireless Channel

Radio Vendor

First, Most-recent Discovering AP

First, Most-recent Discovery Date/Time


AirWave overview



Visual RF

Reports

Triggers & Alerts

Rogue detection

Configuration


Agenda


IGC: Just like Instant embedded UI


IGC: can add a note to any field


IGC: multi-edit


Switch config


Zero-Touch Provisioning

AirWave pushes the latest software image and Site A

configuration

Instant AP connects to AirWave server via HTTPS and

associates to the Site A group

Instant AP connects to Aruba Activate via HTTPS and downloads provisioning

details

12

3

Aruba Activate™

10 a.m.

10:02 a.m.

10:07 a.m.

Site A - Configuration ASite B – Configuration BSite C – Configuration C

AirWave™

Secure Data Center

Site C

Site B

Site A

Aruba Instant™


Device Configuration Management

Discover Devices

Analyze Device

Audit Configuration

AirWave can Discover, Audit and Fix configuration mismatches or settings to the managed devices


aa


AirWave overview



Visual RF

Reports

Triggers & Alerts

Rogue detection

Configuration


Agenda


Current single-server architecture

SNMP trap recvr

AMON recvr

SNMP pollers

swarm handler

work queue

ALC workers

database

AW-RRD

UI

report gen

config gen/audit

Visual RF

message bus


Multi-server architecture

database backup

SNMP trap recvr

SNMP pollersswarm handler

work queue via [distributed] RabbitMQ message bus

UI report gen config gen/audit

Visual RF

database

database master

ALC workers ALC workers ALC workers

Visual RFVisual RF

worker machine #3worker machine #2worker machine #1

AMON recvr

OpenTSDBOpenTSDBOpenTSDB

Coming soon in

8.0


Current 20K cluster performance

Coming soon in

8.0


aa

Breakout - Airheads Macau 2013 - WLAN Management & Troubleshooting with AirWave

Business

Transcript of Breakout - Airheads Macau 2013 - WLAN Management & Troubleshooting with AirWave