Cambium cnMaestro X

Configuration Steps Overview

1. Verify Prerequisites

2. Configure WLAN

3. Configure AP Group

Verify Prerequisites

1. Verify an Access Point Group has been created (outside the scope of this document)

2. Verify an Access Point is associated to the Access Point Group (outside the scope of this document)

3. Set appropriate view to follow this guide

   • Click on Administration

   • Click Settings

   • In General Tab change account view to Access and Backhaul

   • You can change this view back after following this configuration guide.

1. Check software version on access points.

   • EPSK is supported on version 4.2.2-a6 and above

   • Click Shared Settings

   • Click WLANs and AP Groups

   • Select the AP Groups Tab

   • Click on the AP Group being used for VAULT

   • Select an AP within the AP Group

   • Select Software Update Tab

   • Verify Active Version is 4.2.2-a6 or higher

Configure WLAN

1. Click on Shared Settings

2. Click on WLANS and AP Groups

3. Select (or create) WLAN Associated with AP Group

4. Under Configuration

   • Select WLAN and set the following information

     • Type: Enterprise Wi-Fi

     • Name: VAULT

     • Scope: Base Infrastructure

     • Description: VAULT

     • Basic Settings

       • SSID: Enable

       • SSID: VAULT

       • Security: WPA2 Pre-Shared Keys

       • Passphrase: <Enter random passphrase>

   • All other settings should be set to Best Practices

• Select AAA Servers Under Configuration

• If Using cnMaestro On Premise or AMI Version

  • Select “Proxy RADIUS through cnMaestro”

• Under Authentication Server enter the following information

  • 1. Host: xx.xx.xx.x

  • Secret: XXXXXXX

  • Port: xxxx

  • 2. Host: xx.xx.xx.x

  • Secret: XXXXXXX

  • Port: xxxx

  • Timeout: 3

  • Attempts: 1

• Under Accounting Server Enter the following information

  • 1. Host: xx.xx.xx.x

  • Secret: XXXXXXX

  • Port: xxxx

  • 2. Host: xx.xx.xx.x

  • Secret: XXXXXXX

  • Port: xxxx

  • Timeout: 20

  • Attempts: 3

  • Accounting Mode: Start-Interim-Stop

  • Interim Update Interval: 1800

• Under Advanced Settings Enter the following information

  • NAS-Identifier: Custom

  • Custom NAS-ID: RoamingIQ Will Provide the Nas-Identifier to use

  • Dynamic VLAN: Enabled

  • Called Station ID: AP-MAC

  • Click Save

• All other settings should remain DEFAULT or set to Best Practices

Configure AP Group

1. Select Shared Settings

2. Click WLANs and AP Groups

3. Click AP Groups Tab

4. Click AP Group Associated to WLAN and AP

5. Select Network Under Configuration Tab

6. Select the Interface connected to Network Infrastructure

   • Enter the following information

     • Ethernet Port Type: Trunk Multiple VLANS

     • Native VLAN: 1 (or set to your specific infrastructure)

     • Allowed VLANS: 2-4094 (or set to your specific infrastructure)

   • All other fields may remain DEFAULT or set to Best Practices

1. Select User-Defined Overrides under Configuration

   • Enter the following information

!

wireless wlan 1

epsk RADIUS

!

• • Where wireless wlan 1 is the wlan number on the physical Access Point

    • You may need to ssh in to the AP and show the configuration to find the actual wlan #

  • Click Save

  • All other fields may remain DEFAULT or set to Best Practices