Agile deployment
If you are familiar with the basic concepts of branches, nodes, sites, devices, and accounts in the cloud platform, perform the following procedure to complete agile deployment:
Log in to the cloud platform
Access the cloud platform, enter the username and the password, and then click Sign In. You are placed on the home page of cloud platform.
The following is the webpage layout of the cloud platform:
Figure 1 Webpage layout
|
(1) Top navigation bar |
(2) Scenario menu |
(3) Left navigation pane |
(4) Work pane |
· Top navigation bar—Contains functionality categories. If you click a category, the navigation pane displays all features and functionalities of that category.
· Scenario menu—Allows you to select sites or branches as needed.
· Left navigation pane—Contains menus of all features and functionalities. If you select one menu item, the right panel section displays the work pane for that item.
·
Work pane—Provides an area for you to manage, configure, and monitor the
system, features, and services depending on the menu item you select in the
navigation pane. This area also allows you to toggle
among tile 
and list 
views as needed.
Manage branches and sites
About branches and sites
In the cloud platform, a branch contains multiple sites. The number of sites in a branch is not limited. You can classify branches by region, brand, or relation.
Figure 2 Branch classification
You can add devices of various types in the same network into the same site. The number of devices in a site is not limited.
Restrictions and guidelines
To delete a branch that contains a subordinate branch or site, first delete the subordinate branch or site.
To add a site quickly, click the Add icon 
in the
administrative section and then select Site.
Procedure
1. On the top navigation bar, click Network.
2. To rename a root branch node, perform the following steps:
a. From the left navigation pane, select Network > Organization.
b. Select root branch node network and then click Edit to rename the root branch node as head office.
3. To add a branch, select root node head office, click Add, and then enter a branch named Beijing.
4. To delete a branch, select the branch and then click Delete. The root branch node cannot be deleted.
5. To add a site, perform the following steps:
a. From the left navigation pane, select Network > Dashboard.
b. If it is the first time you add a site, click Add. If a site already exists, click Add in the site list area to the right of the page. Click OK.
Figure 5 Adding a site for the first time
Figure 6 Adding a site when a site already exists
c. Specify a scenario type according to the device type and then click Next.
Figure 7 Specifying a scenario type
d. Select head office from the Branch list, specify a site name, select the industry, and then click Next.
Figure 8 Specifying a site name
e. Select the site address and then click Next.
Figure 9 Selecting the address
f. Select a site label or brand, and then click OK. For more information about site labels, see "Configure a site label."
Figure 10 Selecting a site label or brand
6. To delete a site, select the site and then click Delete.
Export sites
To back up all sites of the current cloud platform account, perform this task to export site information. The exported site list will be saved to the default downloading folder in the browser.
Procedure
1. On the top navigation bar, click Network.
You are placed on the Dashboard page.
2. Select a branch or site from the scenario menu.
3. Click More Actions and then select Export.
Figure 11 Exporting sites
Import sites
1. On the top navigation bar, click Network.
You are placed on the Dashboard page.
2. Click More Actions and then select Import.
3. Click the Download Template link.
4. Fill in the template file as needed.
5. Click the Upload File field to select the template file, and then click OK.
Figure 12 Importing sites
Configure a site label
Perform this task to distinguish among different sites.
Restrictions and guidelines
Only tenants can configure a site label.
The number of site labels cannot exceed 10.
Procedure
1. On the top navigation bar, click Network.
You are placed on the Dashboard page.
2. Click More Actions and then select Manage Site Labels.
3. Click Add, enter the required information, and then click OK.
If you select Select from Drop-down List from the Data Input Method field, you must select option values from the Options field.
4.
To edit a site label, click the Edit button 
for the target
site label.
5.
To delete a site label, click the Delete button 
for the target
site label.
Deleting a site label will delete the records saved for the site label in all sites of the account. Please be cautious.
6.
To view site label information, click the Columns icon 
.
7.
To add a site label for an existing site, click the Edit button 
for the site.
Access the summary view
Perform this task to view network summary information for a branch.
To access the summary view:
1. On the top navigation bar, click Network.
2. From the left navigation pane, select Network > Dashboard.
3. Click Summary at the upper right corner of the work pane.
4. Click the target branch or enter the branch name.
The page that opens displays the following information:
¡ Summary: Alarm statistics, numbers of sites, devices, APs, and clients, client traffic, and health score.
¡ Service statistics: Health score trend, site ranking by health score, device disassociation trend, site ranking by device disassociations, AP disassociation trend, site ranking by AP disassociations, client quantity trend, site ranking by client quantity, client traffic trend, site ranking by client traffic, alarm quantity trend, and site ranking by alarm quantity in the specified time range.
¡ Site list: Information about sites in the branch, including site name, health status, online devices, and offline devices. To view information about a site, click the site name.
Access the map view
Perform this task to view the distribution of sites in a branch on a map.
To access the map view:
1. On the top navigation bar, click Network.
2. From the left navigation pane, select Network > Dashboard.
3. Click Map at the upper right corner of the work pane.
4. Click the target branch.
The map opens. A red dot represents the geographic location of a site.
Configure devices
Add a device
Prerequisites
Before adding a device to the cloud platform, perform the following tasks:
· Make sure the device can access the Internet.
· Make sure the device can resolve the cloud platform server address.
· Execute the cloud-management server domain command on the device to connect the device to the cloud platform.
Restrictions and guidelines
To ensure the correct operation of cloud features, execute tcp mss 1400 on the device network egress (physical port or VLAN interface) after connecting the device to the cloud platform.
To add a site quickly, click the Add icon 
in
the administrative section and then select Device.
Procedure
1. On the top navigation bar, click Network.
2. From the left navigation pane, select Network > Devices.
3. Click Add Devices.
4. Select a site, enter a device name and serial number, and click Add Device.
¡ To add a non-IRF member device, select General from the IRF Member field.
¡ To add an IRF device, select IRF in the IRF Member field. Then, select a group or add a new group. Member devices of an IRF fabric must be added to the same group.
Figure 13 Adding a device
Manage a device
Perform this task to edit the device name, delete the devices in bulk or view device information.
Procedure
1. On the top navigation bar, click Network.
2. From the left navigation pane, select Network > Devices.
3. Select a site or all sites of a branch.
4. To delete one or more devices, select target devices and then click Delete.
Deleting a device from a site will delete the device data stored in the cloud platform but will not delete the settings on the device.
5.
To change the name
of a device, click the Edit icon 
for the device.
6. To restart a device, select the device, and then click Restart. You can restart online devices.
7. To reset the cloud connection if connection errors exist, select the device, click More, and then click Reset Cloud connection. The system disconnects and then reconnects the device.
8. To upgrade a device, select the device, click More, and then click Upgrade. You can upgrade online devices. To select the target version, access the Maintain > Upgrade page.
9. To access the CLI of a device, select the device, and then click CLI Helper. You can then execute commands to configure the device.
10. To manage the file system of a device, select the device, and then click File System.
11. To save the running configuration, select the device, click More, and then click Save Config.
12. To deploy configuration to a device, select the device, click More, and then click Deploy Cfg.
¡ Deploy Configuration: Configure a configuration template or read settings from an existing configuration template. To save the template configuration, click Save. To deploy settings in the template immediately, click Deploy Immediately. To deploy settings in the template as scheduled, click Deploy on Schedule. To create a scheduled deployment task, you must also specify the execution time.
¡ Scheduled Deployment Tasks: View information about scheduled deployment tasks, or delete, start, suspend, or edit the tasks.
¡ Deployment Records: View
configuration deployment records. To view the template content, click the 
icon.
13. To move a device from a site to another, select the device, click More, and then click Migrate. Device migration might cause loss of some configurations. You can configure the lost settings in the new site.
|
|
NOTE: Device migration can be performed between sites managed by the same account. You cannot use device migration to move devices to a site managed by another tenant. |
14. To view basic information, port information, and running information for a device, click the name of the device. Displaying of port information is supported only in version 5412 and later.
On the page that opens, perform the following tasks:
a. To perform basic operations such as restart, upgrade, and save configuration on the device, click the corresponding icon.
b. To perform local management for the device, click Local Management.
Only online devices of specific versions support local management.
c. To view detailed information about the device, click the Details tab on the page.
Figure 14 Managing a device
Figure 15 Viewing device information
Export devices
To back up information about devices connected to the cloud platform, perform this task to export device information. The exported device information will be saved to the default downloading folder specified in the browser.
Procedure
1. On the top navigation bar, click Network.
2. From the left navigation pane, select Network > Devices.
3. Click More and then select Export.
4. Select a branch and then click OK.
All devices in the branch will be exported.
Figure 16 Exporting devices
Import devices
1. On the top navigation bar, click Network.
2. From the left navigation pane, select Network > Devices.
3. Click More and then select Import.
4. Click the Download Template link.
5. Fill in the template file as needed.
6. Click the Upload File field to select the template file, and then click OK.
Figure 17 Importing devices
Automated deployment
Automated deployment operates as follows:
1. Add a gateway to the site on the cloud platform. For more information, see "Add a device."
2. Configure the gateway WAN port through a USB disk or from the local Web interface, and make sure the gateway can reach the cloud platform. Make the gateway come online from the platform.
3. Configure the DHCP server on the gateway.
option 252 ascii + Site password
option 253 + public IP address or domain name of the cloud platform
|
|
NOTE: · The site password is bound to the cloud platform site, and internal network devices will automatically be added to the site corresponding to the site password. The site passwords for the cloud platform sites can be viewed in the exported Excel file by going to Network > Dashboard > More Actions > Export. · Configure the DHCP options for the gateway first for the internal network devices to obtain IP addresses. |
4. Internal network devices obtain IP address and other configurations through DHCP from the gateway, connect to the gateway, and then automatically connect to the cloud platform. The devices are added to the corresponding site. Automated deployment is complete.
Area management
Only AC+fit AP and cloud-managed AP networks support this feature.
Only ACs of version 5412 or later support full region management functions.
About area management
In a typical "headquarters-branch" structured enterprise, ACs and APs are deployed separately at the headquarters and branches to provide wireless access services. By configuring multi-level branches and multiple sites, devices can be easily divided according to geographic location and hierarchy. For enterprises where all the APs at branches are registered across the public network to the headquarters AC, it is impossible to manage multiple sites separately for each AP. Therefore, all APs can only be stacked in one site under the root branch. In this case, the problem of managing too many APs in the same site becomes very tricky. The area management function effectively solves this problem.
The core idea of area management is to apply the site division method to the area. That is, all APs under the same site are divided into different areas according to geographic location, store name, brand, and other rules. In a sense, the concept of "area" is a refinement of the "site" concept.
As shown in Figure 18, a central AC is deployed at the headquarters, and multiple APs are deployed in each branch location across different sites. All APs are registered with and directly managed by the central AC at the headquarters. Under the site where the AC is located, multiple areas can be created based on geographic regions or store numbers, and each branch's APs can be added to their corresponding areas. After deployment, administrators can carry out precise management and operations for each area with the area management function.
As a best practice, use area management when a site contains a large number of APs.
Configure area management
1. On the top navigation bar, click Network.
2. Access the System > Service Switch. On the Smart O&M tab, enable the smart O&M feature for the target sites.
3. Access Network > Sites, and click the Area Management tab.
4. Click Edit.
5.
Click Add to add an area. Specify the area
name. To add multiple areas, click the plus sign 
.
6. Add APs. You can add APs immediately after creating a site or access the Area Management – Edit Area page to add APs to any areas.
To add APs to an area, click the Add AP icon 
in the Actions column
for the target area on the Areas with Bound APs/AP Groups or Areas Without Bound APs/AP Groups tab. You
can add or remove one or multiple APs as needed. Then, click Submit.
On the Area Management – Edit Area page:
¡ To
edit the name of an area, click the 
icon for the area.
¡ To
delete an area, click the 
icon for the area. You cannot delete an area that has bound APs.
¡ To delete multiple areas in bulk, select the areas and then click Bulk Delete. You cannot delete an area that has bound APs.
7.
To view information about areas in tile
view, click the 
icon
on the Area Management page. You can view the score, number of online clients, total
uplink AP rate, and total downlink AP rate in each site.
8.
To view information about areas in list
view, click the 
icon
on the Area Management page. You can view detailed information about each area, including
health score, and AP quantity.
The section above the area list shows the number of areas with different evaluations, including excellent, good, fair, and offline. You can click on an evaluation button to filter and view the areas with a specific evaluation.
Figure 19 AP health evaluation
|
Level |
Score range |
|
Excellent |
≥80 |
|
Good |
≥65 and <80 |
|
Fair |
<65 |
The area score and health evaluation are based on the AP scores within the area. If no online APs exist in the area, the area will be marked as offline.
Before moving an AC to a new site, first remove the APs managed by the AC from the original area and then add them to the corresponding area in the new site. If you do not do so, the APs may not be visible in the new site.
Manage your network
You are placed on the Network grid menu after you log in to the cloud platform.
Network
Manage tenants
This task is available only for MSP accounts.
Perform this task to manage tenants and networks, management requests, and inactivated accounts. The created tenants will be managed by the MSP account directly.
View tenant information and manage tenants
1. From the left navigation pane, select Network > Tenants.
The Tenant Info tab displays information about managed tenants and device association status.
2. To create a tenant, click Create Tenant, and then configure the tenant as follows:
¡ Specify tenant information, including username (tenant name), enterprise name, email address, and password.
¡ Agree to the user agreement.
¡ Click Complete.
3. To access the Web interface of a tenant, click the tenant name in the Tenant Info list. To return to the Web interface of the MSP account, click the account name at the upper right corner, select Change Account, and then click Back to MSP Account.
4. To approve or deny tenant management requests, click Requests to Approve. Select the requests and then click Approve or Deny.
5. To view inactivated accounts, click Unactivated Accounts.
The list that opens displays email-registered accounts that have not been activated.
View the tenant management record
1. From the left navigation pane, select Network > Tenants.
2. Click the Records tab to view the record of tenant management approval, denial, and withdrawal operations.
Access the dashboard
Site information
For more information, see "View site information."
Manage site information
View site information
1. From the left navigation pane, select Network > Sites.
2. Select a branch and a site from the top of the work pane.
The Site Summary tab displays the following information about the selected site:
¡ Site Summary—Total device quantity and online device quantity in each category, or online client quantity. You can click the down chevron of a tile to expand the detailed information. To adjust the columns to display, click the Columns icon +/- at the end of the table header.
- Device Information—Information about devices in the site, including online state, device name, category, model, site, and device version. You can manage devices in the site in this area. For more information, see "Manage devices."
- Online Client List & Client Remarks—Information about APs in the site, including AP name, model, site, AC name, AC SN, MAC address, and version. To edit the remarks of a client, click the remarks column for the client.
¡ Network Topology—The system automatically discovers devices in the site through LLDP and creates a topology. If the system cannot identify a device, such as a device registered in another site, it marks the device icon with a question mark (?), which represents a virtual node.
|
|
NOTE: The topology cannot display IRF fabrics and port aggregation. |
Figure 20 Network topology
Manage devices
1. From the left navigation pane, select Network > Sites.
2. Select a branch and a site from the top of the work pane.
3. On the Site Summary tab, click the Device List down chevron in the AC or Cloud AP tile.
The Device Information list opens.
4. To remove devices from the site, select the devices, and then click Delete.
5. To restart devices, select the devices, and then click Restart.
6. To disconnect devices from the cloud network and connect again, select the devices, and then click Reset Cloud Connection.
7. To upgrade devices, select the devices, and then click Update. To upgrade the software to a specific version, go to the Maintenance > Software Upgrade page. For more information, see "Upgrade device software."
8. To configure a device from the CLI, select the device, and then click CLI Helper. For more information, see "Use the CLI helper."
9. To manage the file system of a device, select the device, and then click File System. For more information, see "Access the file system."
10. To access the local Web interface of a device, select the device, and then click Local Management. This task is available only for online devices of specific models.
11. To save the running configuration of a device, select the device, and then click Save Config.
12. To view detailed information about a device or manage a device, click the device name.
The window that opens at the right of the page displays device basics, port, operation, and configuration information as well as configuration shortcuts. You can click Details to open the device details page.
Manage the site topology
Only the tenant can edit the topology.
To manage the site topology:
1. From the left navigation pane, select Network > Sites.
2. Select a branch and a site from the top of the work pane.
3. On the Site Summary tab, perform the following tasks to edit the topology:
¡ To
discover new devices, click the Details icon 
. The dialog box that opens displays newly discovered devices.
- To restart device discovery, click Rediscover.
- To register devices in the site, select target devices and then click Register.
¡ To update the topology after a topology change, click Recalculate. The system automatically recalculates the topology after you manually add, delete, or register devices.
¡ To refresh the topology, click Refresh. To enable automatic topology refreshing, enable Auto Refresh. This operation triggers the system to refresh the topology at intervals of 10 seconds in the coming hour.
¡ To zoom in or zoom out the topology, click the Zoom In or Zoom Out icon. To change the topology orientation, click Vertical or Horizontal. If the canvas cannot display all devices at the same time after modification, you can drag a device icon to adjust the display.
¡ To display device IP addresses or interface names, select Show IP Address or Show Interface Name. To display only nodes of specific levels, select the levels from the list. Options include Expand All, Level One Nodes, Level Two Nodes, and Level Three Nodes.
¡ To view basic, detailed, and running information about a device and manage a device, click the device icon.
¡ To add a device manually, click the Details icon and then click the Incorrectly Displayed Devices tab. Only specific devices, such as ACG devices, can be added manually as gateway devices. The following states are available for incorrectly displayed devices:
- Unknown Version—The cloud platform cannot obtain version information for the device.
- Version Not Supported—The cloud platform cannot obtain hardware information for the device.
- NETCONF Connection Not Established—Connection errors exist between the device and cloud platform.
- LLDP Disabled—LLDP is disabled on the device.
- Other.
¡ To
download the topology, click the Download icon 
.
Manage areas
1. To create an area, click Edit on the Area Management tab. Click Add, and enter an area name.
2.
To add APs to the area, click the Add AP
icon 
in the Actions column for the target area. Select APs, and
click Submit.
3. You can also view information about areas, including area health, area score, client count, and AP count.
Set the time zone
Set the time zone for a site to ensure time accuracy for the network.
Manage devices
Perform this task to manage devices and view their operations and details. This section includes displaying a list of managed devices, as well as providing functions for upgrading versions, restarting, resetting cloud connections, local management, and CLI connections for devices.
Procedure
1. Incorporate devices.
Configure the platform registration address on the devices. Access the cloud platform, click the plus icon at the upper right corner and click Device. Select a site, specify the device name and device serial number, and then click Add Device.
2. Delete devices.
On the device list page, select the devices to be deleted, and then click Delete.
3. Upgrade device versions.
Select the online devices to be upgraded, and then click Upgrade. Select the target version and then click OK.
Make sure the administrator has uploaded the target version to the platform.
4. Restart devices.
Select the online devices to be restarted, and then click Device Restart. In the dialog box that opens, click OK.
5. Reset the cloud connection.
Select online devices whose connections are to be reset, and then click Reset Cloud Connection.
6. Connect to the device CLI.
You can click CLI Helper for an online device to visit the CLI of the device.
7. View device details.
Click the device name and then click Detail to the right of the page.
Manage organizations
Perform this task to manage the organizational architecture of a network. You can create, edit, or delete branches or sites. You can also display the branches of a network and the sites of a branch.
Endpoints
View client statistics
Perform this task to view network access information such as client and traffic statistics.
General restrictions and guidelines
· Associated clients include clients that have passed and have not passed authentication.
· If no authentication is configured, authenticated clients are counted as 0.
View client summary
Perform this task to view summary about currently online, first-access, multiple-access (associated), and total clients, and average online duration.
Restrictions and guidelines
· Data comparison
¡ You cannot compare statistics for the current day.
¡ You can compare client statistics for the same site or for different sites as needed. When you compare statistics for the same site:
- You can compare the client trend and average online duration in one day by clicking the date twice.
- If you compare the client trend and average online duration in two different time ranges, the number of days in the time ranges must be the same.
¡ When you compare statistics for different sites, you can compare only statistics on the same day or in the same time range.
¡ If you specify a time range that spans multiple days, statistics about the current day are not collected.
· Client distribution by week visit quantity/week visits trend
¡ If you select a single day, the system displays the client data for the week that includes the specified day. For example, if you select 2018-05-23, the system displays the client data from 2018-05-21 to 2018-05-27.
¡ If you select multiple days, the system displays the client data for the weeks that include the specified days. For example, if you select 2018-05-20 to 2018-05-21, the system displays the client data from 2018-05-14 to 2018-05-20 and 2018-05-21 to 2018-05-27.
Procedure
1. From the left navigation pane, select Endpoints > Client Statistics > Client Summary.
2. Select a branch and a site from the top of the work pane.
3. To compare client statistics in the specified time range, click Data Comparison in the Client Trend area.
4. To compare the average length of stay for clients in the specified time range, click Data Comparison in the Average Online Duration Trend area.
Parameters
· Client statistics
¡ Online Clients: Number of online clients in all sites.
¡ Avg Online Duration: Daily average online duration per client for each site. If you select a time range that spans more than one day, statistics on all these days are counted as a sum.
· Client Rank
¡ By Quantity
- Top 5: Top 5 dates when a site has the most clients or top 5 sites with the most clients.
- Bottom 5: Top 5 dates when a site has the least clients or top 5 sites with the least clients. If the current day is selected, this graph displays statistics for the past 7 days.
¡ Online Duration Ranking
- Top 10: Top 10 clients that have the longest online duration for a site or multiple sites.
· Access User Proportion: Proportions of first-access clients and multiple-access clients during the specified time range.
· Client Trend: Hourly client trend for the selected day or the daily client trend for the selected time range. A client is counted as one client even if the client has accessed the network multiple times in five minutes or a day.
¡ Data Comparison: Compares data in specified sites and time ranges.
- By Client Vendor: Distribution of clients by client vendor.
- By SSID: Distribution of clients by SSID.
- Online Duration Proportion: Distribution of clients by online duration. The statistics are cumulative. For example, if a client has accessed a site twice, the client is counted as two clients and the length of stay is the sum of the two accesses.
- Average Online Duration Trend: Average online duration of all clients by day. If you select Today, the statistics for the past seven days are displayed.
Data Comparison: Compares data in specified sites and time ranges.
- Number of Week Visits/Week Visits Trend: Distribution of clients by number of week visits.
View client details
Perform this task to view online or offline client information and export the data for analysis.
Restrictions and guidelines
You can select only one site.
The tables display only default
information. To view more information, click the Columns
icon 
and then select
the target columns to display.
Procedure
1. From the left navigation pane, select Endpoints > Client Statistics > Client Details.
2. Select a branch and a site from the top of the work pane.
3. To view detailed information about associated clients, click Associated Clients.
4. To view detailed information about authenticated clients, click Authenticated Clients.
Parameters
· Online Clients: Detailed information about all online clients in the current site.
· Client History: Detailed information about all offline clients within the past one to seven days.
View traffic summary
Perform this task to view summary about real-time client traffic or client traffic trend in the specified time range and compare traffic statistics in one site or between different sites.
Restrictions and guidelines
· If you specify a time range that spans multiple days, day-on-day statistics are not displayed.
· If you select Today, the statistics for the past seven days are displayed.
· You cannot compare statistics for the current day.
· You can compare traffic statistics for the same site or for different sites as needed. When you compare statistics for one site:
¡ You can compare the traffic statistics in one day by clicking the date twice.
¡ If you compare the traffic statistics in two different time ranges, the number of days in the time ranges must be the same.
· When you compare statistics for different sites, you can compare only statistics on the same day or in the same time range.
Procedure
1. From the left navigation pane, select Endpoints > Client Statistics > Traffic Summary.
2. Select a branch and a site from the top of the work pane.
3. To compare traffic statistics in the specified time range, click Data Comparison in the Total Traffic Trend area.
4. To compare traffic statistics per person in the specified time range, click Data Comparison in the Rank of Traffic per Person area.
Parameters
· Traffic statistics: Total upload and download traffic, upload and download traffic per person, and day-on-day traffic ratio and peak traffic within 30 days.
· Total Traffic Ranking: Top 5 and bottom 5 traffic by day or by site.
· Client Traffic Ranking: Top 10 traffic by client or by site.
· Total Traffic Trend: Total traffic trend during the specified time range.
· Rank of Traffic per Person: Top 5 and bottom 5 traffic per person by day or by site.
View traffic details
Perform this task to view online or offline client traffic information and export the data for analysis.
Restrictions and guidelines
You can select only one site.
Procedure
1. From the left navigation pane, select Endpoints > Client Statistics > Traffic Details.
2. Select a branch and a site from the top of the work pane.
3. To view detailed traffic information about associated clients, click Associated Clients.
4. To view detailed traffic information about authenticated clients, click Authenticated Clients.
Parameters
· Online Client Traffic: Detailed traffic information about all online clients in the current site.
· Client Traffic History: Detailed traffic information about all offline clients within the past one to seven days.
Monitor
Monitor devices
Restrictions and guidelines
· This task is available for ACs, routers, and switches.
· To obtain more information about a device, connect the device to the cloud platform.
· You can view operation logs within a maximum of one month.
· If you specify a time range that spans multiple days, CPU, memory and rate statistics about the current day are not collected.
· The system collects CPU and memory usage and uplink and downlink rates every 5 minutes. To view data in multiple days, shrink the horizontal scrollbar and then drag it left or right.
· To view the uplink and downlink rates at a specific time point, hover over that time point in the trend graph.
Procedure
1. From the left navigation pane, select Monitor > Device_Category > Summary.
2. Select a branch, a site, and a device from the top of the work pane.
3. Perform device operations as needed.
Tasks available for all devices
1. To view the CPU and memory usage trend, click Expand from the Operating Info tile.
The logs record operations on the cloud platform account, IP address, and device configuration.
2. To view device association and disassociation records, click Expand from the Device State tile.
3. To view the rate trend, click Expand from the Realtime Rate tile. To set the rated bandwidths, click Set Rated Bandwidth.
4. To view AP ranking by disassociation quantity in the specified time range, click Expand from the AP Info tile. The Top10 APs with Most Disassociations graph opens.
5. To view the client association trend in the specified time range, click Expand from the Client Info tile. If the time range spans one day, the system displays client statistics by hour. If the time range spans multiple days, the system displays client statistics by day.
6. To view the alarm logs, click the Alarm Logs tab.
The list that opens displays information about alarms generated on the device in the specified time range, including notification method, severity, alarm state, alarm type, site, device, content, and generation time.
¡ To adjust the columns to display, click the Columns icon +/-.
¡ To filter alarms, click Filter, and then specify the filtering criteria as needed.
¡ To export the displayed alarms, click Export.
¡ To mark specific alarms as read, select the alarms and then click Mark as Read.
¡ To mark all alarms as read, click Mark All as Read.
7. To use the ping, trace, or AP locating tool, click the Tools tab. For more information, see "Use tools to manage devices."
Tasks available only for ACs and routers
1. To view the AP list, click the AP List tab.
The list that opens displays AP information, including AP name, SN, model, MAC, and version.
¡ To adjust the columns to display, click the Columns icon +/-.
¡ To filter APs, click Online, Offline, All, or Invalid.
¡ To change the name of an AP, click the AP name.
2. To view the client list, click the Client List tab.
The list that opens displays client information, including client MAC, IP, vendor, associated AP, SSID, online duration, RSSI, frequency, channel, association time, and client mode. To adjust the columns to display, click the Columns icon +/-.
Tasks available only for switches
1. To view interface statistics, click the Summary tab.
The list that opens displays interface statistics, including interface type, link state, PoE support, inbound rate, outbound rate, inbound unicasts, outbound unicasts, inbound non-unicasts, outbound non-unicasts, discarded inbound non-error packets, and discarded outbound non-error packets.
¡ To adjust the columns to display, click the Columns icon +/-.
¡ To clear statistics about specific interfaces, select the interfaces, and then click Bulk Delete.
¡ To clear all statistics, click Clear All.
2. To configure interfaces, click the Interface Management tab, select interfaces to manage, configure interface parameters, and then click Submit.
Available parameters include management state, duplex mode, interface type, PVID, rate, flow control, and bandwidth. You can view the configuration result from the interface list below.
3. To manage VLAN settings, click the VLAN tab.
The list that opens displays VLAN information, including VLAN ID, untagged ports, tagged ports, VLAN interface IP, subnet mask, and VLAN description.
¡ To
view all the tagged or untagged ports, click the 
icon.
¡ To
edit a VLAN, click the Edit icon 
.
¡ To
delete a VLAN, click the Delete icon 
.
¡ To delete the specified VLANs, click Custom Deletion.
¡ To add a VLAN, click Add.
4. To configure link aggregation, click the Link Aggregation tab.
The list that opens displays link aggregation information, including aggregation group ID, description, aggregation mode, and member ports.
¡ To
view all the member ports of a group, click the 
icon.
¡ To
edit an aggregation group, click the Edit icon 
for that group. You can edit the aggregation type, aggregation
mode, description, and member ports.
¡ To
delete an aggregation group, click the Delete icon 
.
¡ To add an aggregation group, click Add.
¡ To delete specific aggregation groups, select the groups, and then click Bulk Delete.
5. To configure port isolation, click the Port Isolation tab.
The list that opens displays link aggregation information, including isolation group ID and member ports.
¡ To
view all the member ports of a group, click the 
icon.
¡ To
edit an isolation group, click the Edit icon 
for the group. You can edit the member ports.
¡ To
delete an isolation group, click the Delete icon 
.
¡ To add an isolation group, click Add.
¡ To delete specific isolation groups, select the groups, and then click Bulk Delete.
Parameters
· Device Score
¡ Remaining Bandwidth: By ratio of the
egress bandwidth to the total available bandwidth. A lower ratio, a higher
score. To set the rated bandwidths, click 
next to this field.
¡ Online AP Ratio: By ratio of online APs to the total number of APs. More online APs, higher score.
¡ Client Rate: By rate of low-rate clients to the total number of APs. Fewer low-rate clients, higher score.
¡ Security Score: By number of rogue APs in the WLAN. Less rogue APs, higher score.
¡ Wireless Environment: By interference state. Less interference, higher score.
¡ System Health: By CPU and memory usages. Lower CPU and memory usages, higher score. The system takes the lower score between them.
· Panel Info: Information about ports on the device panel, including port name, operating state, configured rate, actual rate, duplex mode, link type, and port description. To view information about a port, click the port.
For panel information about switches, see "Configure basic settings."
· Set Rated Bandwidth: Uplink and downlink rates of a device in the specified time range. To set the rated bandwidths, click Set Rated Bandwidth. After you set the rated bandwidths, the rated bandwidth values in the graph will change accordingly. You must configure the rated bandwidths to be the same those you have purchased from your service provider.
· Device State: Device state shown by score. A device is scored by CPU usage and memory usage and the system uses the lower one of the two scores as the device score. The lower the usage, the higher the score.
· Uplink Bandwidth: Uplink bandwidth shown by score. The uplink bandwidth is scored by its usage. The lower the usage, the higher the score.
· Interface Capability: Capability of interfaces in up status shown by score. Interfaces in up state are scored by interface rate and operating mode. The system uses the average score of all up interfaces as the interface capability score.
View AP summary
Restrictions and guidelines
· This task is available for only ACs.
· You can select a single site or a branch that contains multiple sites.
· The system does not count APs that go offline unexpectedly as offline APs.
Procedure
1. From the left navigation pane, select Monitor > Device_Category > AP Summary.
2. Select a branch and a site from the top of the work pane.
3.
To view real-time traffic ranking of all
APs, click the Info icon 
at the upper right corner of the Realtime AP Traffic Top 5
area.
4.
To view real-time user ranking of all APs,
click the Info icon 
at the upper right corner of the Realtime AP User Top 5
area.
Parameters
· AP statistics: Number of online, offline, total, and invalid APs.
· Realtime AP Traffic Top 5: Top 5 APs with the most downlink traffic.
· Realtime AP User Top 5: Top 5 APs with the most associated clients.
· AP Disassociations: Distribution of APs by the number of disassociations.
· AP Disassociation Reason: Distribution of APs by disassociation reason.
· AP Disassociations Top 10: Top 10 APs with the most disassociations. The system counts AP disassociations by day.
View AP details
This page displays information about APs in the site, including AP name, model, site, AC name, AC SN, MAC address, and version. To filter APs, click Online, Offline, All, or Invalid. To view detailed information about an AP, click the AP name.
View cloud-managed AP summary
Restrictions and guidelines
This task is available only for cloud-managed APs.
Procedure
1. From the left navigation pane, select Monitor > Cloud APs > Dashboard.
2. Select a branch and a site from the top of the work pane.
Parameters
· AP statistics: Numbers of online, offline, and total cloud-managed APs.
· Top 5 APs by Traffic: Five APs with the most total traffic today in the current site.
· Top 5 APs by Endpoints: Five APs with the most online endpoints in real time in the current site.
· Top5 APs by Alarms: Five APs with the most alarms in the current site.
View the cloud-managed AP list
Restrictions and guidelines
This task is available only for cloud-managed APs.
Procedure
1. From the left navigation pane, select Monitor > Cloud APs > AP List.
2. Select a branch and a site from the top of the work pane.
The page that opens displays AP information, including AP online state, MAC address, version, and radio information.
3. To adjust the columns to display, click the Columns icon +/-.
4. To view the updated information, click Refresh to refresh the list.
5. To export the AP list, click Export.
6. To search for specific APs, click Filter, specify AP name, MAC address, local IP address, and version as needed, select a state, configure Advanced Search as needed, and then click Search.
7. To view detailed information about an AP, click the AP name.
The State tab opens and displays AP basics, CPU and memory usage, and uplink and downlink traffic information collected during the current day.
¡ To view operation logs and alarms generated on the AP, click the Event tab.
¡ To view client association trend and online client information, click the Client tab. The system collects client statistics at intervals of five minutes. You can click the MAC address of a client in the Online Client Info list to view the client details, including client state and statistics.
¡ To use the ping, trace, or AP locating tool, click the Tools tab.
The AP locating tool turns on the AP LED for a maximum of 30 minutes to help locate the AP. The previous LED state will be restored once you leave the page.
View router information
This task allows you to view the following router information: basic information, running information, online state, real-time rate, panel information, logs, alarms, AP list, endpoint list, and maintenance tool.
View switch information
This task allows you to view the following switch information: basic information, running information, online state, real-time rate, panel information, interface list, VLAN, link aggregation, port isolation, PoE, logs, alarms, and maintenance tool.
Settings
Manage bulk configuration templates
Perform this task to bulk configure and deploy services such as VLAN, port, and WLAN services on devices.
Manage AC templates
Restrictions and guidelines
When adding an AC template, follow these guidelines:
· If you select 802.1X for the encryption service, you must configure an 802.1X authentication user on the RADIUS server.
· For the 802.1X authentication to take effect, make sure the related settings are correct. You can use an 802.1X template on the same device in the site, or you can configure settings directly on the ACs > 802.1X Auth page. For more information, see "Configure 802.1X authentication."
· The Signal Strength Change Threshold and Filter Random MAC features take effect only when the wireless probe is enabled.
· Only devices of Custom 5405, Release 1038P05, or a higher version support the Domain Name Whitelist and Domain Name Blacklist features.
· If a domain name is in the domain name whitelist and blacklist at the same time, the blacklist takes effect.
Procedure
1. From the left navigation pane, select Settings > Bulk Cfg Templates > AC Templates.
2. To add an AC template, click Add. Configure the following parameters as needed, and then click OK:
¡ Name—Specify the template name.
¡ Description—Specify the template description.
On the Wireless Basic Settings tab:
¡ Basic Settings:
- Wireless Service Name—Specify the wireless service name.
- SSID—Specify the SSID.
- Encryption—Configure the encryption service. If you select PSK, you must configure and enter the PSK password during client association. If you select Off, the encryption service is disabled. If you select 802.1X, you must use the 802.1X authentication method to authenticate clients with an authentication server.
¡ Advanced Settings:
- Service State—Turn on or turn off the wireless service. If you turn off a wireless service, endpoints connected to the service will go offline.
- Hide SSID—Hiding SSIDs disables devices from discovering the wireless service to enhance network security. If you want to connect to the hidden service, you must enter the SSID on the device for association.
- Layer 2 Isolation—Disables users from communicating with each at Layer 2.
- Guaranteed Bandwidth—Specify the bandwidth ratio to guarantee downlink bandwidth for each wireless service when the network is congested. Make sure the bandwidth ratio of all wireless services is not higher than 100%.
- VLAN—A client is added to VLAN 1 by default after the client is connected to the wireless service.
On the Domain Name Whitelist tab:
¡ Add—Click Add, specify the domain name, and click OK. The number of added entries cannot exceed 32.
¡ Delete—Click the Delete icon 
in the list for a target domain, or you can select multiple domains
and click Delete.
On the Domain Name Blacklist tab:
¡ Add—Click Add, specify the domain name, and click OK. The number of added entries cannot exceed 32.
¡ Delete—Click the Delete icon 
in the list for a target domain, or you can select multiple domains
and click Delete.
3.
To apply an AC template, click the Apply
icon 
for that template. On the page that opens, configure the branch and
site, select ACs from the list, and click Apply.
4.
To view the application record, click the
Records icon 
for the template. On the page that opens, you can perform the
following tasks:
¡ To filter the result by time range, click One Day, and then select a time range. Options include One Day, One Week, One Month, and All.
¡ To re-apply devices, select the devices and then click Reapply.
¡ To export all the application statistics, click Export.
5.
To edit an AC template, click the Edit
icon 
for that template. Edit the template as needed.
6.
To delete an AC template, click the Delete
icon 
for that template. In the dialog box that opens, click OK.
Manage switch templates
1. From the left navigation pane, select Settings > Bulk Cfg Templates > Switch Templates.
2. You can perform the following tasks to add a switch template in CLI mode or GUI mode.
¡ To add a switch template in GUI mode, select GUI to access the Template List page and click Add. Enter the template name, select a device model, and click OK.
After configuration, you are navigated to the template editing page. Edit the template as needed.
¡ To add a switch template in CLI mode, select CLI to access the Template List page and click Add. Enter the template name and description, configure the template settings as needed, input command as formatted in the examples, and click OK. On the page that opens, click OK and you will be navigated to the template application page.
3.
To apply a switch template, click the Apply
icon 
for that template. On the page that opens, configure the branch and
site, select switches from the list, and click Apply.
4.
To view the application record, click the Records
icon 
for the template. On the page that opens, you can perform the
following tasks:
¡ To filter the record by time range, click One Day, and then select a time range. Options include One Day, One Week, One Month, and All.
¡ To view failure details of settings that failed to be issued by CLI, click Show Detail.
¡ To re-apply devices, select the devices and then click Reapply.
5.
To edit a switch template, click the Edit
icon 
for that template. Edit the template as needed.
6.
To delete a switch template, click the Delete
icon 
for that template. In the dialog box that opens, click OK.
Manage 802.1X templates
Perform this task to configure 802.1X authentication template and RADIUS scheme template.
Only ACs, routers, and switches support this feature.
The cloud platform is not used as an authentication server but you can configure information for an external 802.1X authentication server on the platform. You must configure the 802.1X authentication user account and password on the RADIUS server.
1. From the left navigation pane, select Settings > Bulk Cfg Templates > 802.1X Templates.
2. To add a RADIUS scheme template, click the RADIUS Scheme Template tab and click Add. Configure the template as needed.
3. To add an 802.1X authentication template, select the 802.1X Auth Template tab and click Add. Configure the template as needed.
In wireless mode, select EAP for Auth Protocol. Advanced Settings is only available for wired access authentication.
4.
To apply a template, click the Apply
icon 
for that template on the 802.1X Auth Template tab. On the
page that opens, specify the site, device category, device name, access method,
and ports, click Add, and then click Apply.
5.
To view the application record, click the History
icon 
for that template. On the page that opens, you can perform the
following tasks:
¡ To filter the record by time range, click One Day, and then select a time range. Options include One Day, One Week, One Month, and All.
¡ To re-apply devices, select the devices and then click Reapply.
6.
To edit a template, click the Edit
icon 
for that template. Edit the template as needed.
7.
To delete a template, click the Delete
icon 
for that template. In the dialog box that opens, click OK.
Manage cloud AP templates
Configure command lines under the guidance of professionals.
You can create a maximum of 10 Configlets in one bulk configuration template.
1. From the left navigation pane, select Settings > Bulk Cfg Templates > Cloud AP Templates.
2. To add a cloud AP template, click Add, enter the template name and description, configure the following settings as needed, and then click OK:
¡ On the Wi-Fi Settings tab, enable State to show the Wi-Fi list. Click the SSID in the list for a target service and configure SSID parameters as needed, such as Auto SSID, SSID, Wireless Service, Forwarding Mode, and Encryption. For more information about Wi-Fi settings, see "Configure Wi-Fi settings."
¡ On the CLI tab, enable State and click Please add. On the page that opens, select All or Select for a specific model and click OK. After adding a model, enter the description, configure command lines as formatted in the example, and click OK. After configuring one model, click Add to add other models. You can configure a maximum of 10 models.
3.
To apply a template, click the Apply
icon 
in the Actions column for that template. On the page that
opens, specify the branch and site and click Apply.
4.
To view the application record, click the Records
icon 
in the Actions column for that template. On the page that
opens, to re-apply devices, select sites and click Reapply.
Configure an AC
Configure wireless services
1. From the left navigation pane, select Settings > ACs > Wireless Services.
2. Select a branch, a site, and a device from the top of the work pane.
3. To add a wireless service, click Add, configure wireless service settings as needed, and then click Submit to finish adding or click Next to bind APs to this wireless service.
4.
To bind APs to an existing wireless service,
click the Bind icon 
for that wireless service, click the Unbound APs tab, select
APs (radios), and then click Bind.
5.
To unbind a wireless service, click the Bind
icon 
for that wireless service, select APs (radios) on the Bound APs
tab, and then click Unbound.
The wireless service binding is available for only manual APs, including APs converted from auto APs.
6. To view information about bound APs, click the number in the Bound APs column.
7.
To edit a wireless service, click the Edit
icon 
for that wireless service.
8.
To delete a wireless service, click the Delete
icon 
for that wireless service.
9. To synchronize information about locally created wireless services to the cloud platform, click Sync.
You can synchronize only wireless services that have an SSID configured.
Configure AP settings
This task is available only for ACs of version 5418 or later. The AP list displays only manual APs, including APs converted from auto APs.
To configure AP settings:
1. From the left navigation pane, select Settings > ACs > AP Settings.
2. Select a branch, a site, and a device from the top of the work pane.
3.
To configure an AP, click the Edit
icon 
for that AP. You can also click the AP name, state, channel, power,
or bandwidth link of an AP to edit the specific field.
4. To synchronize locally configured AP settings to the cloud platform, click Sync.
5. To export displayed AP information, click Export.
Configure WLAN security
This task is available only for ACs of Release 5442, ESS1050 or a higher version.
To configure attack detection:
1. From the left navigation pane, select Settings > ACs > WLAN Security.
2. Select a branch, a site, and a device from the top of the work pane. Click the Attack Detection tab.
3. Enable attack detection.
4. Specify the detection level.
¡ If
you specify High, Medium,
or Low for the detection level, the system has
predefined the detection items. The 
icon represents that the detection item supports countermeasures.
¡ If you specify Custom for the detection level, configure the detection items and countermeasure items as needed.
5.
Select sensor APs. Select APs in the Available
list and click the 
icon to add the APs to the Selected list. You can select a
maximum of 128 APs.
6. To simplify the procedure, click Copy SSID Detection Cfg to copy sensor AP configuration from the SSID Detection page.
To view wireless security monitoring information, access the Smart O&M > Security > Attack Detection page.
To configure SSID detection:
1. From the left navigation pane, select Settings > ACs > WLAN Security.
2. Select a branch, a site, and a device from the top of the work pane. Click the SSID Detection tab.
3. Enable SSID detection.
4.
Configure detection rules and countermeasure
state. Click Add. In the window that opens, select an SSID rule or MAC
rule, specify the matching criterion, and enable countermeasure as needed. To
add a rule, click the 
icon. You can configure a maximum of 10 rules for SSID detection. To
edit a rule, click the Edit icon 
in the SSID detection rule list.
5.
Select sensor APs. Select APs in the Available
list and click the 
icon to add the APs into the Selected list. You can select a
maximum of 128 APs.
6. To simplify the procedure, click Copy SSID Detection Cfg to copy sensor AP configuration from the SSID Detection page.
To view wireless security monitoring information, access the Smart O&M > Security > SSID Detection page.
To configure MAC spoofing detection:
1. From the left navigation pane, select Settings > ACs > WLAN Security.
2. Select a branch, a site, and a device from the top of the work pane. Click the MAC Spoofing Detection tab.
3. Click Sync from Device to synchronize configured wireless services from the local to the cloud platform.
4. To enable MAC spoofing detection for all wireless services, click Enable All. To enable MAC spoofing detection for a specific wireless service, click the enabling icon for that service.
To view wireless security monitoring information, access the Smart O&M > Security > MAC Spoofing Detection page.
Configure basic network settings
VLAN and DHCP related configuration requires the AC version to be R5412, R5586, R1203, or higher.
Access the network basics page
1. From the left navigation pane, select Settings > ACs > Basic Settings.
2. Select a branch, a site, and a device from the top of the work pane.
3. To synchronize locally configured basic network settings to the cloud platform, click Sync.
Configure auto refresh
For the system to refresh the page automatically, enable auto refresh. This feature enables the system to refresh the page at intervals of 5 minutes in the coming hour.
Configure internal network settings
1. To configure local settings, click the Local tab and configure the settings as needed.
¡ Specify the system domain name.
¡ Specify the local address, IP address of VLAN-interface 1.
¡ Specify the guest gateway address, IP address of VLAN-interface 100.
Figure 21 Configuring local settings
2. To configure VLAN settings, click the VLANs tab.
VLAN 1 and VLAN 100 cannot be deleted.
¡ To add a VLAN, click Add VLAN and configure the VLAN as needed.
- Specify the VLAN ID.
- Specify the VLAN interface IP.
- Specify the subnet mask.
- Specify the description. Question marks (?) are not allowed.
Figure 22 Adding a VLAN
¡ To view member port information for a VLAN, click the number in the Member Ports field.
¡ To delete specific VLANs, click Custom Delete and specify the IDs of the VLANs to delete.
¡ To delete VLANs in bulk, select the VLANs, and then click Bulk Delete.
¡ To
delete a specific VLAN, click the Delete icon 
for that VLAN.
¡ To
edit a VLAN, click the Edit icon 
for that VLAN.
3. To configure port settings, click the Ports tab.
The page that opens displays port configuration.
To edit a port, click the Edit icon 
for that port.
You can edit the link type, PVID, permit VLANs, port isolation, and PoE.
Figure 23 Editing a port
4. To configure DHCP settings, click the DHCP tab.
The page that opens displays DHCP configuration, including IP segment, lease, and assigned addresses.
¡ To
configure DHCP server settings, click the Edit icon
for an entry. You can configure the IP address lease, address pool
start address, address pool end address, reserved IP addresses, and DNS server.
Figure 24 Configuring DHCP server settings
¡ To
configure static bindings for a VLAN, click the Static
Binding icon 
. You can click Add to add a static
binding between an IP address and a MAC address.
5. To view DHCP leases, click the DHCP Leases tab.
The page that opens displays information about DHCP leases, including IP assignment method and lease remaining time.
Configure authentication
This task allows you to configure the portal authentication template for ACs and draw authentication pages. SMS authentication, account authentication, and one-key authentication are supported.
Manage users
You can manage the following authentication users:
· Portal authentication users—You can manage fixed accounts, view endpoints in a site, and add endpoints to the blacklist.
· 802.1X authentication users—You can manage 802.1X authentication endpoints in a site, add and delete authentication accounts, import and export authentication accounts in bulk, set the expiry time, view the endpoint list, and query endpoints.
|
|
NOTE: Only 802.1X authentication users of built-in RADIUS servers can be managed. |
· MAC authentication users—You can manage MAC authentication endpoints in a site, add and delete authentication accounts, import and export authentication accounts in bulk, set the expiry time, view the endpoint list, and query endpoints.
Configure 802.1X authentication
You can configure settings for the 802.1X authentication server on the cloud platform but do not use the cloud platform as the authentication server. To configure the 802.1X authentication user account and password, use the RADIUS server.
1. From the left navigation pane, select Settings > ACs > 802.1X Auth.
2. Select a branch and a site from the top of the work pane.
3. Select the Auth Policy tab. Enable Auth State, select the authentication protocol, and click Submit. In wireless mode, specify EAP for the authentication protocol.
4. Select the RADIUS scheme tab. Click Add and configure the RADIUS scheme as needed.
5. Select the Apply to Device tab. Select the access method, configure the RADIUS scheme, and specify the authentication port. Configure the advanced settings as needed. Click Add and then click Submit.
Configure cloud-managed APs
Configure wireless services
Access the WLAN settings page
From the left navigation pane, select Settings > Cloud APs > WLAN Settings.
Select a branch and a site from the top of the work pane.
Configure the region code
Select a region code based on the actual location of the device, and then click OK.
The region code determines the working band, channel, and transmit power of radios. Make sure you specify a correct region code that does not violate the local regulations.
Selecting a region code
Configure Wi-Fi settings
1. Click the Wi-Fi Settings tab.
2.
To configure wireless service settings,
click the down chevron icon 
for the wireless service field.
The list that opens displays all or enabled services.
¡ To enable or disable services, select the services, and then click Enable Service or Disable Service.
¡ To hide or show SSIDs, select the services, and then click Hide SSID or Show SSID.
¡ To edit a wireless service, click the service name. Configure the service parameters as needed, including auto SSID, SSID, service status, forwarding mode, encryption, authentication, authentication fail permit, and client MACs filtering settings.
|
|
NOTE: · If auto SSID is enabled, you must click Auto SSID Setting Sync to deploy changes to devices after manually changing the AP name or importing APs. · If you specify 802.1X encryption for the device and Built-In Server for the AAA server configuration, the cloud-managed AP acts as the RADIUS server to provide services. You can configure 802.1X authentication user account and password on the cloud platform. If you specify External Server for the AAA server configuration, you can configure the authentication server, accounting server, and ISP domain settings. You must configure 802.1X authentication user account and password on the external RADIUS server. |
3.
To configure whitelist and blacklist
settings, click the down chevron icon 
for the domain name whitelist and blacklist field.
The system does not authenticate domain names in the whitelist and forbids access from domain names in the blacklist. If you add a domain name to both the whitelist and the blacklist, the blacklist entry takes effect.
As a best practice, add all domain names that do not require authentication to the whitelist.
4.
To configure advanced settings, click the
down chevron icon 
for the advanced settings field, configure the following features,
and then click OK:
¡ 5GHz-Preferred—Enables dual-band clients to prefer to access 5 GHz radios.
¡ 5GHz Load Balance—Hides the SSID of a 5 GHz radio if the number of associated clients reaches 40 and the client quantity gap between the radio and another 5 GHz radio reaches 10. SSID hiding will be disabled if the associated client quantity or quantity gap drops below the corresponding threshold.
¡ WLAN Probe—Enables the device to snoop wireless packets to monitor the wireless environment.
Configure radio settings
1. Click the Radio Configuration tab.
2. Select a scenario for the site. Each scenario defines a set of default settings. Scenario options include:
¡ High Density Coverage—Specifies high-density AP deployment, such as large conference rooms, dining rooms, exhibition halls, and collocation offices.
¡ Hotels—Applies to scenarios where one AP covers one to two rooms.
¡ Office—Applies to scenarios where one AP covers one to two rooms.
¡ Shops—Applies to low-density AP deployment with enough channel resources.
¡ Default—Specifies default deployment, which is applicable to most scenarios.
¡ Custom—Uses customized radio bandwidth and power settings.
3. To edit radio settings, click the Edit icon for the cloud-managed AP, and then configure the radio state, channel, power, and bandwidth as needed.
Figure 25 Editing radio settings
4. Enable configuration synchronization for cloud-managed APs.
With this feature enabled, the system synchronizes configurations from the cloud to the cloud-managed APs at specified intervals.
With this feature disabled, newly added cloud-managed APs cannot obtain configurations from the cloud, and configuration changes on the cloud cannot be deployed to offline APs. This might cause configuration inconsistency on devices and on the cloud.
Configure authentication
|
|
NOTE: Only some AP models support this feature. |
1. From the left navigation pane, select Settings > Cloud APs > Authentication.
2. Select a site from the top of the work pane.
3. Click Add to add a RADUIS scheme, and configure the following parameters: primary IP addresses and port numbers of the authentication server and accounting server, shared key, ISP domain, and domain name issuing method.
4. Click OK.
Manage users
You can manage the following authentication users:
· Portal authentication users—You can manage fixed accounts, view endpoints in a site, and add endpoints to the blacklist.
· 802.1X authentication users—You can manage 802.1X authentication endpoints in a site, add and delete authentication accounts, import and export authentication accounts in bulk, set the expiry time, view the endpoint list, and query endpoints.
|
|
NOTE: Only 802.1X authentication users of built-in RADIUS servers can be managed. |
Manage login settings
Procedure
1. From the left navigation pane, select Settings > Cloud APs > Login.
2. Select a branch and a site from the top of the work pane.
3. Configure the password for local Web access and configure management Wi-Fi settings.
You can use the management Wi-Fi to access and manage a cloud-managed AP. The default SSID of the management Wi-Fi is INTELBRAS-AP_XXXXXX, where XXXXXX is the last six digits of the MAC address of the AP.
4. Enable SSH as needed. By default, SSH is disabled for login.
5. Enable Telnet as needed. By default, Telnet is enabled for login.
Support for SSH and Telnet depends on the device model.
Figure 26 Managing login settings
Parameters
· Password for Local Web Access: Set the password for accessing the local Web interface of cloud-managed APs. The password must be a case-sensitive string of 10 to 53 characters from at least two of the following categories: uppercase letters, lowercase letters, digits, and special characters. The password cannot contain a username or the reverse letters of a username.
· Hide SSID: Disable clients from discovering the SSID through active scanning. To access the WLAN, clients must enter the SSID to perform passive scanning. This enhances network security.
· Encryption: Enable the system to encrypt client traffic to enhance network security.
Configure command lines
Use this feature under the guidance of professionals.
1. From the left navigation pane, select Settings > Cloud APs > CLI.
2. Select a branch and a site from the top of the work pane.
3. To configure command lines, select the CLI tab. Click Add, select All or Select for a specific model, and click OK. After adding a model, enter the description and configure command lines as formatted in the examples and click OK. After configuring one model, click Add to add other models. You can configure a maximum of 10 models.
4. To view the application result for a template, click Records.
Configure routers
Configure basic network settings
1. From the left navigation pane, select Settings > Routers > Basic Settings.
2. Select a branch, a site, and a device from the top of the work pane.
3. You are placed on the Local tab.
To synchronize locally configured basic network settings to the cloud platform, click Sync from Device.
4. On the Local tab, configure the following local settings:
¡ System Domain Name: Name of the device.
¡ Local Address: IP address of VLAN-interface 1 on the device.
¡ Mask: IP address mask.
Figure 27 Configuring local settings
5. To configure LAN settings, click the LANs tab.
You cannot delete VLAN 1.
¡ To add a VLAN, click Add, and then configure the VLAN as needed.
- Specify the VLAN ID.
- Specify an IP address for the VLAN interface.
- Specify a subnet mask for the interface IP address.
- Specify a VLAN description. Question marks (?) are not allowed.
¡ To add a LAN interface, click Add, click the LAN tab, and then configure the LAN interface as needed.
- Select an interface.
- Specify an IP address for the interface.
- Specify a subnet mask for the interface IP address.
¡ To view member ports of a VLAN, click the number link in the Member Ports column.
¡ To delete specific VLANs, click Custom Delete, and then specify the IDs of VLANs to delete.
¡ To delete VLANs or LAN interfaces in bulk, select the VLAN or LAN interface entries, and then click Bulk Delete.
¡ To
delete a VLAN or LAN interface, click the Delete
icon 
for that VLAN or LAN interface.
¡ To
edit a VLAN or LAN interface, click the Edit icon 
for that VLAN or LAN interface.
6. To configure port settings, click the Ports tab.
The page that opens displays port configuration.
To edit a port, click the Edit icon 
for that port.
You can edit the link type, PVID, permitted VLANs, port isolation, and PoE
settings.
Figure 28 Editing a port
7. To configure DHCP settings, click the DHCP tab.
The page that opens displays DHCP configuration, including IP segment, lease, and assigned addresses.
¡ To
configure DHCP server settings, click the Edit icon 
for an entry. You can configure the IP address lease, address pool
start address, address pool end address, reserved IP addresses, and DNS server.
¡ To
configure static bindings, click the Static Binding icon 
for an entry. You can click Add to add a static binding between an
IP address and a MAC address.
¡ To reserve IP addresses from all address pools, click Global Reserved Addresses.
8. To view DHCP leases, click the DHCP Leases tab.
The page that opens displays information about DHCP leases, including IP assignment method and lease remaining time.
9. To configure time settings, click the Time Settings tab.
¡ Select a time zone.
¡ Select whether to enable NTP.
¡ Specify recommended and custom NTP servers.
10. To test egress link connectivity, click the Egress Link Connectivity Test tab.
Only MSR series device supports this feature.
¡ Enable wired link test as needed. If you select On for this feature, configure the test address, test interface, and alarm threshold.
¡ Enable 4G link test as needed. If you select On for this feature, configure the test address, test interface, and alarm threshold.
Figure 29 Configuring egress link connectivity test
Configure VPN settings
This task allows you to configure and manage VPNs.
· VPN Monitor—You can monitor the connectivity and basic information of VPN tunnels.
· Headquarters VPN—You can create a headquarters VPN and view its status and basic information.
· Branch VPN—You can create a branch VPNs in bulk and view their status and basic information.
Configure authentication
This task allows you to configure the portal authentication template for routers and draw authentication pages. SMS authentication, account authentication, and one-key authentication are supported.
Configure wireless authentication
From the left navigation pane, select Settings > ACs > Wireless Auth.
1. To add a configuration template, click Add, configure the template settings as needed, and then click Save. To apply the configuration template, click OK in the confirmation dialog box that opens, select target devices, and then click Apply.
2.
To apply a configuration template that has
been created, click the Apply icon 
for
that template, select a branch from the upper right corner of the work pane,
select target devices, and then click Apply.
3. To view template deployment results, click History. To reapply a history template that has failed to be applied, click Reapply. To export the history, click Export.
4.
To edit a configuration template, click the Edit icon 
for that template.
5.
To delete a configuration template, click
the Delete icon 
for that
template.
Configure wired authentication
1. To add a configuration template, click Add, configure the template settings as needed, and then click Save. To apply the configuration template, click OK in the confirmation dialog box that opens, select target devices, and then click Apply.
2.
To apply a configuration template that has
been created, click the Apply icon 
for
that template, select a branch from the upper right corner of the work pane,
select target devices, and then click Apply.
3. To view template deployment results, click History. To reapply a history template that has failed to be applied, click Reapply. To export the history, click Export.
4.
To edit a configuration template, click the Edit icon 
for that template.
5.
To delete a configuration template, click
the Delete icon 
for that
template.
Configure a domain name whitelist
A user can access the network without authentication after its address is added to the domain name whitelist.
Configure a domain name blacklist
A user cannot access the network after its address is added to the domain name blacklist.
Configure 802.1X authentication
From the left navigation pane, select Settings > Routers > 802.1X Auth.
For more information, see "Configure 802.1X authentication."
Manage users
This task allows you to manage authentication users.
· Guest List—You can display all endpoints connected and their basic information. You can also view endpoints details and access the blacklist feature from this page.
· Blacklist—You can denying an endpoint from coming online by adding its MAC address to the blacklist. You can also view the list of MAC addresses on the blacklist.
· Fixed Account—You can import and export fixed accounts in bulk. You can also set the validity period and the maximum number of people that can use a fixed account, and bind a MAC address.
Configure switches
Configure basic settings
1. From the left navigation pane, select Settings > Switches > Basic Settings.
2. Select a branch and a site from the top of the work pane.
The page that opens displays basic info, panel info, interface settings, and interface list.
Basic information about a switch includes the device name, model, MAC address, device SN, and version.
The Panel Info area displays software version, interface type and state, and PoE state information for a switch.
3. Perform the following tasks in the Panel Info area:
¡ To enable auto refreshing of port states on the switch panel, select Auto Refresh. The system refreshes the port states on the switch panel every 5 minutes in an hour.
¡ To view module information for a switch, select a switch from the Member list, and then select a module from the Module list.
¡ To synchronize basic settings on the switch to the cloud platform, click Synchronize.
¡ To restart PoE interfaces in bulk, select one or multiple interfaces, and then click Bulk Restart PoE Interfaces.
4. On the Summary tab, perform the following tasks:
a. View statistics about interfaces on the switch, including the following:
- Interface type
- Link state
- Whether PoE is supported
- Inbound and outbound rates
- Inbound and outbound unicasts
- Inbound and outbound non unicasts
- Discarded inbound and outbound non-error packets
b. To customize the columns to be displayed on the interface list, click + / -.
c. To clear statistics about specific interfaces, click Bulk Delete. To clear statistics about all interfaces, click Clear All.
5. To manage an interface, select that interface on the device panel. You will be placed on the Interface Management tab.
6. Configure interface settings such as management state, duplex mode, interface type, PVID, rate, flow control, and bandwidth as required, and then click Submit.
The configured settings will be displayed on the interface list.
7. To manage VLAN settings, click the VLANs tab.
The page that opens displays VLAN information, including VLAN ID, untagged ports, tagged ports, VLAN interface IP, subnet mask, and VLAN description.
¡ To view all the tagged or untagged ports in a VLAN, click the number link in the Tagged Ports or Untagged Ports column for that VLAN.
¡ To
edit a VLAN, click the Edit icon 
in the Actions column for that VLAN.
¡ To
delete a VLAN, click the Delete icon 
in the Actions column for that VLAN.
¡ To delete specified VLANs, click Custom Deletion, enter VLAN IDs or VLAN ID ranges, and then click OK.
¡ To add a VLAN, click Add.
8. To configure link aggregation, click the Link Aggregation tab.
The page that opens displays link aggregation information, including aggregation group ID, description, aggregation mode, and member ports.
¡ To
view all the member ports of a group, click the 
icon in the Member Ports column for
that group.
¡ To
edit an aggregation group, click the Edit icon 
in the Actions column for that group.
You can edit the aggregation type, aggregation mode, description, and member
ports.
¡ To
delete an aggregation group, click the Delete icon 
in the Actions column for that group.
¡ To add an aggregation group, click Add.
¡ To delete specific aggregation groups, select the groups, and then click Bulk Delete.
9. To configure port isolation, click the Port Isolation tab.
The page that opens displays link aggregation information, including isolation group ID and member ports.
¡ To
view all the member ports of a group, click the 
icon in the Port List column for that
group.
¡ To
edit an isolation group, click the Edit icon 
in the Actions column for that group.
You can edit the member ports.
¡ To
delete an isolation group, click the Delete icon 
in the Actions column for that group.
¡ To add an isolation group, click Add.
¡ To delete specific isolation groups, select the groups, and then click Bulk Delete.
10. To configure PoE settings, click the PoE tab.
The PIs tab displays statistics about PIs, including detection state, current power, peak power, and port priority.
¡ To configure a PI, select that PI in the device panel, enable or disable PoE, configure PI settings such as port priority and maximum power as needed.
¡ To restart a PI, click Restart in the Restart PI column for that PI.
¡ To restart multiple PIs, select the PIs, and then click Bulk Restart PIs.
11. To manage the PSE, click the PSE tab:
¡ To enable or disable non-standard PD detection, click On or Off for the Non-Standard PD Detection field.
¡ Specify the power alarm threshold, and click Submit.
Configure the region code
The region code determines the working band, channel, and transmit power of radios. Make sure you specify a correct region code that does not violate the local regulations.
1. From the left navigation pane, select Settings > Routers > Region Codes.
2. Select a device at the upper-right corner of the page.
3. Select a region code based on the actual location of the device, and then click OK.
Configure 802.1X authentication
From the left navigation pane, select Settings > Switches > 802.1X Auth.
For more information, see "Configure 802.1X authentication."
Maintain
Upgrade device software
Restrictions and guidelines
· You can upgrade only online devices.
· A recommended version is an optimal version recommended based on the upgrade risks and performance. A recommended version is selected by default.
Procedure
1. From the left navigation pane, select Maintain > Upgrade.
2. Select a branch and a site from the top of the work pane.
3. Click the Upgrade by Device or Upgrade by Model tab, select the version number, select the devices or models, and then click Upgrade.
4. In the dialog box that opens, select an upgrade method, and then click OK. Options include Upgrade and Reboot, Upgrade, Save, and Reboot, and Upgrade Only.
5. To view upgrade details, click the Upgrade Details tab.
¡ The Devices Being Upgraded area displays current software version, upgrade progress, and upgrade start time for the devices being upgraded.
¡ The Upgraded Devices area displays current software version, upgrade state, and failure reason for the upgraded devices.
Manage private software versions
1. From the left navigation pane, select Maintain > Private Versions.
The page that opens displays the version name, applicable device model, category, and devices, and version description for the private software versions.
2. To manage private software versions, perform the following tasks:
¡ To
delete a version, click the Delete icon 
in the Actions column for that version.
To delete one or multiple version in bulk, select the versions, and then click Delete on top of the version list.
¡ To
edit a version, click the Edit icon 
in the Actions column for that version.
You can edit all information excluding image file.
¡ To
upgrade a version, click the Upgrade icon 
in the Actions column for that version.
For more information, see "Upgrade device software."
¡ To refresh the version list, click Refresh on top of the version list.
3. To upload a version, click the Version Upload tab, configure the following parameters, and then click OK:
¡ Version Name: Specify a name for the version.
¡ Version Description: Specify a description for the version.
¡ Device Model: Select a device category, and then select models, or enter a model keyword in the field to filter device models, and then select the models.
¡ Image File: Click Select File to select a file, and then click Open. You can upload a maximum of 10 versions.
Use the CLI helper
Restrictions and guidelines
This task is available only for ACs, routers, switches, and specific cloud-managed APs.
Procedure
1. From the left navigation pane, select Maintain > CLI Helper.
2. Select a branch, a site, and a device from the top of the work pane.
3. Enter the username and password and click Connect in Password Verification for Telnet Login.
4. To view basic device information, network information, or monitoring information, click Basic Info, Network Info, or Monitoring Info in the Common Commands area to the right of the page.
5. To set the cache size, click Set Cache.
6. To export operation records, select Export Records, configure the export file name, and click OK.
Access the file system
Restrictions and guidelines
This task is available only for ACs, routers, switches, and specific cloud-managed APs.
Procedure
1. From the left navigation pane, select Maintain > File System.
2. Select a branch, a site, and a device from the top of the work pane.
3. Click General or Advanced to switch the display mode.
4. In general mode, click Manage for a specific file type.
5. To upload a file, make sure the AC has sufficient space, click Upload, and then select the file to upload. File upload is available only in Advanced mode.
6. To download a file, select the file, and then click Download.
7. To rename a file, select the file, and then click Rename. You cannot rename a folder.
8. To delete a file, select the file, and then click Delete. Deleted files cannot be restored. Use this function with caution.
Restore the configuration
Restrictions and guidelines
This task is available only for ACs, routers, switches, and specific cloud-managed APs.
Procedure
1. From the left navigation pane, select Maintain > Restore.
2. Select a branch, a site, and a device from the top of the work pane.
3. To add a restore point, click Create, enter the reason, specify whether to use this file as the next startup configuration file, and then click OK.
4. To restore the current configuration of the device to the specified restore point, select the target configuration file, and then click Restore.
5. To configure automatic backup, click Auto Backup, specify the backup interval, and then specify the maximum number of backup copies. For more information, see "Enable or disable services."
Maximum number of backup copies is the maximum number of configuration files that you want the cloud platform to save for configuration restoration.
If you select Weekly as the backup interval, the system backs up configuration automatically on every Sunday. If you select Monthly as the backup interval, the system backs up configuration automatically at 01:00 to 04:00 the first day of every month. If the device is offline, the system retries at 06:00 to 09:00, 11:00 to 13:00, and 19:00 to 21:00.
6.
To view detailed information about a restore
point, click the Details icon 
.
7.
To delete a restore point, click the Delete
icon 
.
Compare configuration
Restrictions and guidelines
You can only import configuration files with a size smaller than 10 M.
Procedure
1. From the left navigation pane, select Maintain > Compare Cfg.
2.
To compare local configurations, click Load
Local Configuration File or click the Load Local Configuration File
icon 
in the upper right corner, and then select a local file.
3. To compare configurations on devices, perform the following tasks:
a.
Click Read Device Configuration File or
click the Read Device Configuration File icon 
in the upper right corner.
b. In the dialog box that opens, select a site, select a device, select a configuration, Running, Local, Cloud-Backed Up, and then click OK. If the device is offline, you can select only Cloud-Backed Up.
Configuration differences will be highlighted, and number of different command lines will be displayed at the bottom of the page.
Maintain devices
Restrictions and guidelines
You can restart only online devices.
Procedure
1. From the left navigation pane, select Maintain > Device Operation.
2. Select a branch and a site from the top of the work pane.
3. Click a device tab.
4. On the page that opens, select a device.
5. To save the running configuration on the device and then restart the device, click Save Config and Restart. During the restart process, the device is unavailable. Use this option with caution.
6. To restart the device immediately, click Restart. This operation removes unsaved configuration on the device. During the restart process, the device is unavailable. Use this option with caution.
7. To configure scheduled restart, click Scheduled Restart, select a restart policy, and configure a schedule. This operation removes unsaved configuration on the device. During the restart process, the device is unavailable. Use this option with caution.
8. To remove scheduled restart settings, click Remove Scheduled Restart Settings.
9. To save the configuration, click Save Config.
10. To reconnect the device to the cloud platform, click Reset Cloud Connection. Use this option when cloud platform connection errors occur.
Use tools to manage devices
Restrictions and guidelines
AP LED quiet mode configuration is available only for fit APs associated with an AC and cloud-managed APs.
Packet capture is available only for fit APs associated with an AC.
Procedure
1. From the left navigation pane, select Maintain > Tools.
2. Select a branch and a site from the top of the work pane.
3. To perform a ping operation, enter the destination address, and then click Execute on the Ping tab.
4. To use the advanced ping function, click Advanced, specify the destination IP address, source IP address, packet size, and packet quantity, and then click Execute.
The ping results will be displayed on the execution result list.
5. To view details about a successful ping operation, click View Details in the View Details column for that ping operation. To view the details in a graph, click Graph View. To view the details in a table, click Table View.
6. To perform a tracert operation, click the Trace tab, enter the destination address, and then click Execute.
7. To use the advanced tracert function, click Advanced, specify the destination IP address, source IP address, destination port, initial TTL, max TTL, timeout, and packet quantity, and then click Execute.
8. To view details about a successful tracert operation, click View Details in the View Details column for that tracert operation. To view the details in a graph, click Graph View. To view the details in a table, click Table View.
9. To configure AP LED quiet mode, click the AP LED Quiet Mode tab.
10. On the page that opens, enable LED quiet mode, select a quiet period, and then click Submit. If you select Custom as the quiet period, you must specify the start time and end time.
Replace devices
Perform this task to synchronize device configuration to the cloud platform and replace a device when the device fails.
Procedure
1. From the left navigation pane, select Maintain > Replace Devices.
2. Select a branch and a site from the top of the work pane.
3.
On the Replacement tab, click the Sync
Now icon 
in the Actions column for a device, and then select Do
Not Save or Save & Continue.
4. For the system to automatically synchronize device configuration, enable Auto Sync, and then click Auto Sync Time to specify an auto sync time. Then the system will synchronize configuration changes to the cloud platform when the device comes online or at the specified time.
5.
Click the Replacement icon 
in the Actions column for a device, and then select Register
New Device & Replace or Replace with Registered Device.
6. To replace an AP, click Replace AP, and then enter the old AP SN and new AP SN.
7. To view replacement records, click the Records tab. You can refresh the page to view the most recent records.
Messages
Manage alarms
Restrictions and guidelines
You can edit the default alarm policy but cannot delete it.
View or export alarms
Procedure
1. From the left navigation pane, select Messages > Alarms.
The List tab displays alarm statistics collected during the specified time range.
2. To filter alarms, click Filter, specify the filtering criteria, and then click Search.
3. To export alarms, click Export.
The alarms will be exported to an Excel file.
4. To mark alarms as read, select target alarms and click Mark as Read.
5. To mark all alarms as read, click Mark All as Read.
6. To delete alarms, select target alarms and click Delete.
Parameters
1. Alarm Trend: Displays the alarm trend by alarm quantity.
2. Alarm Severity: Displays alarm distribution by alarm severity.
3. Alarm Type Top 5: Displays the five alarm types with the most alarms.
4. Alarm Info: Displays the alarm list.
Subscribe to alarms
Procedure
1. From the left navigation pane, select Messages > Alarms.
2. Click the Subscription tab.
3. To add an alarm policy, click Add and then configure policy settings as needed.
4. To edit an alarm policy, click the Edit icon for that policy. Then, configure policy settings as needed.
Parameters
· By Area: Enable or disable alarm generation by area. After you enable this function, the system generates alarms only for APs in the selected areas.
· Notification: Select the method through which alarms are notified. Options include:
¡ Display but Not Push.
¡ Email—Send alarm emails to the email addresses bound to the selected accounts. The system can send a maximum of 50 alarm emails to alarm receivers in a site every day, and a maximum of 1000 alarm emails to all receivers in all sites every day. The actual numbers might be higher.
· Triggered: Select the time during which alarms can be notified.
· Maintenance: Select a time range during which alarm notification or generation is forbidden.
· Info Sync: With info sync enabled, the system adds CPU usage, memory usage, channel usage, and online client quantity to the log content for the following types of logs: high channel usage, too many access clients.
· Accounts: Select the accounts that can receive the alarms.
· Alarm Info: Select types and severity levels of alarms to be notified. Available severity levels include Tip, Info, Minor, Major, and Critical. For device CPU, device memory, and AP bulk dropped alarms, you must also specify the alarm thresholds.
View operation logs
1. From the left navigation pane, select Messages > Operation Logs.
2. Click the Operation Logs tab.
3. To view user operation logs, click the User Operation Logs tab.
4. To view site import logs, click the Site Import Logs tab.
5. To view device import logs, click the Device Import Logs tab.
6. To view login logs, click the Login Logs tab.
System
Enable or disable services
Restrictions and guidelines
· Only Customer 5412 and later versions support smart O&M.
· Configuration synchronization is enabled for cloud-managed APs by default. As a best practice, keep it enabled, and disable it only when you want to use locally configured settings on the APs.
Procedure
1. From the left navigation pane, select System > Service Switches.
2. On the Smart O&M tab, enable or disable smart O&M.
3. To enable auto backup for a device, click the Auto Backup tab, select ON in the Service State column for that device, specify the backup interface and max backup copies, and then click OK. To enable auto backup for multiple devices in bulk, select the devices, click On on top of the list, specify the backup interface and max backup copies, and then click OK.
4. To disable autobackup for a device, select OFF in the Service State column for that device, and then click OK in the dialog box that opens. To disable auto backup for multiple devices in bulk, select the devices, click Off on top of the list, and then click OK in the dialog box that opens.
5.
To view backup information for a device,
click the View icon 
in the Actions column for that device.
6.
To view backup information for a device when
a lot of records exist in the list, click the 
icon in the upper right corner of the list, specify the device name
or device SN.
7. To enable or disable configuration synchronization for a cloud-managed AP, click the Cloud-Managed AP Config Sync tab.
8. On the page that opens, select ON or OFF in the Service State column for that AP, and then click OK. To enable or disable configuration synchronization for multiple cloud-managed APs in bulk, select the APs, click On or Off on top of the list, and then click OK.
9.
To view or edit settings for a cloud-managed
AP, click the View icon 
in the Actions column for that AP.
Manage subaccounts
About this task
The cloud platform provides five levels of accounts. A first-level account is called a tenant (super account) and accounts of any other level are called subaccounts. Each tenant can manage a maximum of 500 subaccounts. A parent account has the following permissions:
· Manage its subaccounts.
· View subaccounts and sites created by its subaccounts, if any.
· View operation logs about its subaccounts.
For a subaccount, the supported cloud platform features are determined by its role and the manageable branches and sites are authorized by its parent account. A subaccount can have the following roles:
· Full-Privilege—Has the same privileges as a tenant and can create subaccount.
· Monitor—Has monitoring privileges and does not have configuration and management privileges. This type of account cannot create subaccounts.
· O&M—Has configuration and management privileges and can create subaccounts.
· Demonstration—Has only read privileges to all modules and cannot create subaccounts.
· Operations—Is in charge of operations related services such as user traffic analysis and advertisement pushing and can create subaccounts.
· Configuration—Has network configuration privileges and can create subaccounts.
Procedure
1. From the left navigation pane, select System > Subaccounts.
2.
To add a subaccount, click the Add
icon 
for the account and then configure subaccount settings as needed.
3.
To assign branch and site permissions to a
subaccount, click the Permission icon 
for that account and then select branches and sites as needed.
4.
To edit a subaccount, click the Edit
icon 
for that account and then configure account settings as needed.
5.
To delete a subaccount, click the Delete
icon 
for that account.
Manage your account
Restrictions and guidelines
When you configure IP login limit, follow these restrictions and guidelines:
· With this feature configured, you can use the account to log in to the cloud platform only at specific IP addresses. If the login request is from an IP address out of the specified IP range, the system prompts username or password error.
· After you enable IP login limit, the system displays the current network egress IP address and adds the address to the permitted range by default.
· You can add a maximum of 30 IP address ranges as the permitted ranges.
· Each octet of an IP address must be an integer in the range of 0 to 255. The first octet of an address cannot be 0 or 127 or in the range of 224 to 225.
Account management
1. From the left navigation pane, select System > Account.
2. On the Account Management tab, edit account settings as needed.
¡ In the Basic Info area, edit the account password, email address, and profile photo (up to 2 M) or delete the account.
¡ In the Service Info area, select the industry, specify the enterprise name, and edit the enterprise logo.
¡ In the Contact Info area, specify the contact address.
3. To configure security settings, click the Account Security Settings tab, and then configure login email notification, login verification, login lockout, and IP login limit as needed.
4. To configure MSP account settings, click the MSP Management tab.
¡ To specify the current account as a general account, select General Account, select whether to authorize MSP management, specify the other settings, and then click OK.
The Request Records list displays MSP management requests of the current account. You can view the request approval status and click the cancellation icon for an entry to revoke the authorization.
¡ To specify the current account as an MSP account, select MSP account, select whether to enable auto approval, and then click Manage Tenants to access the Tenants page.
Auto approval enables the system to approve all hosting requests automatically. For more information about tenant management, see "Manage tenants."
Login with Microsoft account
Perform this task to log in to the INC Cloud platform directly through the Microsoft application program.
Prerequisites
Prepare a Microsoft Entra management center account, which is a Microsoft Azure account. You can apply on the official Microsoft website.
Prepare a INC Cloud account. The INC Cloud account is used to enable SAML SSO features and configure roles for use with the Microsoft Entra management center.
Create an application in the Microsoft Entra management center
1. Enter the Microsoft Entra management center, and navigate to Identify > Applications > Enterprise applications.
2. Click New Application.
3. Click Create your own application.
4. Configure the application name. In this example, the application name is cloudnetlogin. Select Integrate any other application you don't find in the gallery (Non-gallery), and then click Create.
5. Return to the Enterprise applications page. After successfully installing the application cloudnetlogin, you can see cloudnetlogin in the application list.
Create an application role for an application
Create an application role for the cloudnetlogin application in the Microsoft Entra management center.
1. Make sure the role configured in the Microsoft Entra management center is consistent with the role configured on the INC Cloud platform.
a. Navigate to Identity > Applications > App registrations.
b. Find cloudnetlogin in the application list.
2. Click the cloudnetlogin application. From the navigation pane, select App roles. Click Create app role.
3. Add a user role for the cloudnetlogin application in the Microsoft Entra management center.
4. Access the Overview page of the cloudnetlogin application. Click Assign users and groups.
5. Click Add user/group, select users who can access INC Cloud, and assign roles to them.
6. After completing role assignment, click Add Assignment. The user list then displays users of the cloudnetlogin application in the Microsoft Entra management center.
7. Enable SAML SSO in the Microsoft Entra management center.
Navigate to the Enterprise applications page, and click Single sign-on for the cloudnetlogin application.
8. Select SAML as the single sign-on method. On the Basic SAML Configuration page, click the Edit icon to edit the identifier and reply URL. The reply URL is generated in INC Cloud.
9. Click Add identifier, enter https://inccloud.intelbras.com.br in the Identifier field, enter the generated reply URL, and then click the Save icon.
10. Copy the thumbprint in the SAML certificate.
Enable SAML SSO in INC Cloud
11. Log in to the INC Cloud platform, navigate to the Network > System > Account > Login with Microsoft Account, and enable SAML SSO.
12. Enter the fingerprint, click Save. After you save the fingerprint, the system automatically generates a unique assertion address. Copy the assertion URL and save it for backup.
|
|
NOTE: To obtain the fingerprint in Microsoft Entra, access the Enterprise applications page, find application cloudnetlogin, select Single sign-on, and locate the fingerprint in the third SAML certificate. |
Return to the Microsoft Entra homepage and locate the cloudnetlogin application. On the SAML-based Sign-on page, click Edit.
Enter the assertion URL in the Reply URL (Assertion Consumer Service URL) field, and then click Save.
13. Create an SAML administrator role in INC Cloud
Navigate to Network > System > Account > Login with Microsoft Account, click Add Role in the SAML Role section, add an SAML role, and select the role permissions.
14. Configure role permissions.
Configure branch permissions or site permissions for the SAML role.
Log in through the Microsoft app
Visit https://myapps.microsoft.com/, log in, and then click the cloudnetlogin app to directly access the INC Cloud platform.
Smart operations and maintenance
Access the smart O&M menu
Restrictions and guidelines
For cloud-managed APs, you can use smart O&M functions without enabling the smart O&M feature.
Procedure
1. On the top navigation bar, click Network.
2. From the left navigation pane, select System > Service Switch.
3. Select the Smart O&M tab.
4. Select one or more sites, and then click On.
Figure 30 Enabling smart O&M
5. To access the smart O&M menu, use the following methods:
¡ Click
the Advanced Maintenance icon 
for the site.
¡ Click Smart O&M on the top navigation bar.
Access the dashboard
View summary information
Procedure
1. Access the Smart O&M menu.
2. From the left navigation pane, select Dashboard > Summary.
3. Select a site and a device or area from the top of the page.
Parameters
· Network Health: Displays the score of the entire network. The network is graded based on the AC, AP, and client scores in the site.
· Health Status: Displays the proportion of each network health state in the site during the specified time range based on statistics collected at intervals of 5 minutes.
· Affected AP Statistics: Displays the proportion of APs affected by network issues and the proportion of APs not affected by network issues.
· Affected Client Statistics: Displays the proportion clients affected by network issues and the proportion of clients not affected by network issues.
· Alarms: Displays the number of alarms at each severity level, the total number of alarms, and the number of active alarms.
· Online Devices: Displays the online device quantity and total device quantity by device type. If you select only one AC, the system displays only information about APs associated with the AC. If you specify a site, the system displays information about APs in the site.
· Health Scores: Displays the health score trend of ACs, APs, clients, routers, and switches during the selected time range in the site. The system collects health statistics at intervals of 5 minutes.
¡ AC Health: Displays AC scores in a trend graph. ACs are graded based on CPU usage and traffic.
¡ AP Health: Displays AP scores in a trend graph. APs are graded based on channel usage, client quantity, and client RSSI.
¡ Client Health: Displays client scores in a trend graph. Clients are graded based on channel usage, RSSI, and roaming frequency.
¡ Switch Health: Displays switch scores in a trend graph. Switches are graded based on CPU usage and memory usage.
¡ Router Health: Displays router scores in a trend graph. Routers are graded based on CPU usage and memory usage.
· You can click the AC, AP, client, router or switch health link to access the detailed health information page.
· Issue Distribution: Displays statistics about issues occurred on the specified devices in the site or the specified devices in the area during the selected time range. To view the issue analysis, click the issue name link. For more information, see "View issue information."
· Issue Trend: Displays issue trend during the selected time range. You can filter issues by issue type. The system collects issue statistics at intervals of 5 minutes.
· Client Association Trend: Displays the number of associated clients on all devices or the specified device during the selected time range in the site. The system collects client statistics at intervals of 5 minutes.
· Traffic Trend: Displays uplink and downlink traffic trend on the specified devices in the site or the specified devices in the area during the selected time range. The system collects traffic statistics at intervals of 5 minutes.
View clients, radio, and AP information
Procedure
1. Access the Smart O&M menu.
2. From the left navigation pane, select Dashboard > Connecting.
3. Select a site and a device or area from the top of the page.
4. Click Refresh to view the latest client, radio, and AP information.
Parameters
· Client: Displays the total number of clients in different client modes, the number of 5 GHz clients, and the number of 2.4 GHz clients.
In the Details area, the system displays client information such as the client health, RSSI, packet loss, retransmission, latency, uplink/downlink rate, and traffic by value ranges. If you click a specific value range for an indicator, the system navigates to the Online Client List page that displays online clients filtered by the indicator in the specified value range.
· Radio: Displays the total number of radios in different radio modes, the number of 5 GHz radios, and the number of 2.4 GHz radios.
In the Details area, the system displays radio parameter information such as the channel usage, RSSI, packet loss, retransmission, latency, uplink/downlink rate, and clients by value ranges. If you click a specific value range for an indicator, the system navigates to the Radios page that displays radios filtered by the indicator in the specified value range.
· AP: Displays AP health score, CPU usage, and memory usage by value ranges.
If you click a specific value range for an indicator, the system navigates to the APs page that displays online APs filtered by the indicator in the specified value range.
Perform area analysis
Area analysis allows you to create sub-areas to monitor APs and clients in the network based on the area created in Area Management.
Procedure
1. Access the Smart O&M menu.
2. From the left navigation pane, select Dashboard > Area Analysis.
3. Select a site and a device or an area from the top of the page.
4. On the Area Details tab, you can perform the following tasks:
¡ To
add an area, click the Add icon 
, specify the location and area name, and click Submit.
After an area is added, you can add APs to the area immediately or return to the Area Details page to select an area for adding APs.
¡ To
bind APs, click the Bind AP icon 
in the Operate column for an area. On the page that opens,
add or remove one or more APs to or from the area and then click Submit.
¡ To
restart APs, click the Restart AP icon 
in the Operate column for an area. The system restarts all
APs in the area.
¡ To
edit an area, click the Edit icon 
in the Operate column for the area. On the page that opens,
edit the location and area name.
¡ To
delete an area, click the Delete icon 
in the Operate column for the area. You cannot delete the
area if APs exist in the area.
5. To view total APs, online AP rate, AP health, AP disassociation in past week, health, CPU count, and memory count for each area, click the AP Statistics tab.
6. To view AP and radio statistics for each area, click the AP Details tab.
7. To view client data, authentication methods, client types, and radio statistics such as the health, rate, RSSI, packet loss rate, retransmission rate, and latency for each area, click the Client Statistics tab.
8. To view access client details such as client MAC addresses, usernames, authentication methods, security, rates, health, associated APs, and radios for each area, click the Client Details tab.
Manage issues
View issue information
Restrictions and guidelines
· Issue statistics displayed on the page are collected from the specified device during the selected time range, unless otherwise stated.
· Issues reported by an AP might occur on the AP or a client associated with the AP, or in the WLAN environment. Network administrators must analyze an issue step by step to find the root cause.
Procedure
Access the Smart O&M menu.
To access the Issue Analysis page, use the following methods:
On the Dashboard page, click an issue type in the Issue Distribution area.
From the left navigation pane, select Issues > Issue Analysis.
Select a site and a device or an area from the top of the page.
Click the Dashboard icon 
or an
issue type.
Parameters
For the dashboard:
· Issue Distribution: Displays all issues occurred on specified devices in the site or the specified devices in the area during the selected time range.
· Issue Trend: Displays the trend of issues. You can filter issues by issue type. The system collects issue statistics at intervals of 5 minutes.
· Affected AP Statistics: Displays the proportion of affected APs and the proportion of unaffected APs.
· Affected Client Statistics: Displays the proportion of affected clients and the proportion of unaffected clients.
For a specific issue type:
· Statistics: Displays the numbers of issues, involved APs, involved clients, and online clients. The system collects statistics at intervals of 5 minutes.
You can use the scroll bar below the chart to adjust the time range displayed in the line chart.
To view detailed information for a specific moment, click the point of time on the X coordinate in the line chart.
· Statistics Analysis: Displays the cause distribution and issue trend by cause. This tab is available only for some issue types.
· Involved APs: Displays information about APs affected by the issues, including AP name, AC, issue occurrences, and involved client quantity. This tab is available only for some issue types.
To view detailed information about an AP or AC, click the AP or AC name.
To view raw data about an AP and the issue type, click the issue occurrences.
· Involved Clients: Displays information about clients affected by the issues, including client MAC address, vendor, IP address, issue occurrences, and the most recent occurrence time. This tab is available only for some issue types.
To view raw data about a client and the issue type, click the issue occurrences.
· Raw Data: Displays detailed information about issues of the type, including the occurrence time and client, AP, AC, and radio information.
The items displayed vary by issue type.
To view detailed information about an AP or AC, click the AP or AC name.
· Impact: Displays issue influence by occurrence or client. Each rectangle represents a specific issue and has the numbers of occurrences for the top N involved items (device, client, or vendor) displayed on it. A larger rectangle represents a greater impact.
Add clients to the allowlist
Issue statistics of clients in the allowlist will not be collected.
Procedure
1. Access the Smart O&M menu.
2. From the left navigation pane, select Issues > Allowlists.
3. Select a site and a device or an area from the top of the page.
4. Click Add.
5. Enter the MAC address of the client to be added to the allowlist and the reason.
6. Click OK.
View client statistics
View client health information
Restrictions and guidelines
The displayed time interval varies by the specified time span.
Procedure
1. Access the Smart O&M menu.
2. To access the Client Health page, from the left navigation pane, select Clients > Wireless > Health.
3. Select a site and a device or an area from the top of the page.
4. To view detailed information about clients associated with 5 GHz, 2.4 GHz or all radios, click the bar for a specific moment in the Client Health graph.
The Health Details area displays detailed information about the clients. The system scores a client based on indicators such as the channel usage, RSSI, and uplink/downlink rate. The radio load represents the total number of clients that access the radio. To display more columns, click the + / - icon, and then select the target columns.
5. To save the data about clients associated with 5 GHz, 2.4 GHz or all radios, click Export in the Health Details area. The data will be saved as an electronic form in compressed format.
6. To view health statistics about clients associated with 5 GHz, 2.4 GHz, or all radios, click 5 GHz, 2.4 GHz, or All, respectively in the Client Health graph.
7. To view detailed information about a client, click the MAC address link of the client in the Health Details area.
8. To view detailed information about the AP associated with a client, click the associated AP link in the Health Details area.
9. To view detailed information about the AC associated with a client, click the associated AC link in the Health Details area.
Parameters
· Excellent: The client has a score of 80 or higher.
· Good: The client has a score in the range of 65 (included) to 80.
· Average: The client has a score smaller than 65.
View client health information in common mode
Restrictions and guidelines
· The system collects client connection statistics at intervals of 5 minutes.
· For ACs, only ACs of version 5420 or higher supports deep analysis. Before using deep analysis on the cloud platform, execute the wlan client inspect enable command in AP view or AP group view from the CLI of the device.
Procedure
1. Access the Smart O&M menu.
2. To access the Client Health page, from the left navigation pane, select Clients > Wireless > Health.
3. Select a site and a device or an area from the top of the page.
4. Click the MAC address link of a client in the Health Details area. You are placed on the Client Info tab.
5. To view detailed information about the AP or AC associated with the client, click the AP or AC name in the Connection Info area.
Parameters
· Statistics: Displays client uplink rate, downlink rate, and average signal strength.
· Basic Client Info: Displays MAC, IP, IPv6, vendor, client mode, and username about the client.
· Connection Info: Displays the client online status, access service, associated AP, and associated AC. To view detailed information about an AP or AC, click the AP or AC name.
· Score Trend: Displays the client score for a specific moment when you hover over the trend graph.
· Client Logs: Displays client online, offline, and roaming events and client operation exceptions.
¡ Rate Level: Displays packet transmission information between AP and client by rate level range when you click Rate Level, which is available for an offline event or online event of an online client.
¡ Deep Analysis: Displays the packet exchange process when you click Deep Analysis, which is available for an online event, online failure event, online process deep analysis event, DHCP lease extension event, DHCP address application event, DNS event, and ARP event.
¡ Packet Failure Percentage: Number of packets that have failed to be sent at a certain rate level to the total number of packets sent at that rate level.
View client health information in expert mode
Procedure
1. Access the Smart O&M menu.
2. To access the Client Health page, from the left navigation pane, select Clients > Wireless > Health.
3. Select a site and a device or an area from the top of the page.
4. Click the MAC address link of a client in the Health Details area, and then click the Expert Mode tab.
Parameters
· Basic Client Info: Displays MAC, IP, IPv6, vendor, client mode, and protocol type about the client.
· Health Report: Displays metrics and their current values and reference values.
¡ The current value is the average value of each metric in the previous statistics collection period.
¡ If
the current value exceeds the reference value, a red icon 
appears after the reference value.
¡ If the client is offline, the current value displays the client information before it goes offline.
· Client Connection Info: Displays signal strength, uplink and downlink traffic, uplink and downlink rate, uplink and downlink packets, retransmission rates, packet loss rate, latency, channel usage, and radio load.
To view detailed information, click the trend graph for a specific metric.
· Neighbor Client: Displays the number of clients (including the client itself) that come online on the same radio as a client during each time period. The system collects neighbor client statistics at intervals of 5 minutes. To view detailed information about the clients, click the bar for a specific moment in the graph.
· Client Logs: Displays client online, offline, and roaming events and client operation exceptions. To edit columns to display, click the + / - icon.
¡ Rate Level: Displays packet transmission information between AP and client by rate level range when you click Detail in the Rate Level column, which is available for an offline or online event of an online client.
¡ Deep Analysis: Displays the packet exchange process when you click Detail in the Deep Analysis column, which is available for an online event and online failure event.
¡ Packet Failure Percentage: Number of packets that have failed to be sent at a certain rate level to the total number of packets sent at that rate level.
View online client list
Procedure
1. Access the Smart O&M menu.
2. From the left navigation pane, select Clients > Wireless > Online Clients.
3. Select a site and a device or an area from the top of the page.
4. In the Online Client List area, click Filter. In the expand section, specify the parameters and click Search.
5. To view the latest online client information, click Refresh.
View authentication analysis results
Procedure
1. Access the Smart O&M menu.
2. From the left navigation pane, select Clients > Wireless > Access Analysis.
You are placed on the Authentication tab.
3. Select a site and a device or area from the top of the page.
Parameters
· Access Success Rate Trend: Displays distribution of clients by access success rate in the specified time range. The system collects client statistics at intervals of 5 minutes.
· By Avg Durations: Displays distribution of clients by average association and authentication durations every hour, every day, or every week. If you click Week at the upper right of the graph, the graph displays statistics in the last week.
The association and authentication duration of clients that fail to access the network will not be counted.
· By Avg Authentication Durations: Displays distribution of clients by average 802.1X and MAC authentication durations every hour, every day, or every week. If you click Week at the upper right of the graph, the graph displays statistics in the last week.
The authentication duration of clients that fail the authentication will not be counted.
View association and disassociation analysis results
Restrictions and guidelines
The system collects the statistics every hour.
Procedure
1. Access the Smart O&M menu.
2. From the left navigation pane, select Clients > Wireless > Access Analysis.
3. Click the Association and Disassociation tab.
4. Select a site and a device or an area from the top of the page.
5. To save the data, click Export in the target area. The data will be saved as an electronic form in compressed format.
Parameters
· By Abnormal Accesses: Displays the abnormal client access trend. The system collects statistics every hour. Only reasons about clients with the top 10 abnormalities are displayed.
· By Disassociations: Displays the client disassociation trend. The system collects statistics every hour. Only reasons about clients with the top 10 disassociations are displayed.
· Abnormal Clients Top 100: Displays statistics about clients with access exceptions at a specific time when you click the bar for that time in the By Abnormal Accesses graph.
· APs with Most Abnormal Clients Top 100: Displays statistics about APs with which clients with access exceptions were associated at a specific time when you click the bar for that time in the By Abnormal Accesses graph.
· Disassociated Clients Top 100: Displays top 100 disassociated clients at a specific time when you click the bar for that time in the By Disassociations graph.
· APs with Most Disassociated Clients Top 100: Displays top APs with the most disassociated clients at a specific time when you click the bar for that time in the By Disassociations graph.
View IP monitoring results
Restrictions and guidelines
· IPv4 address monitoring is enabled by default. You can execute the undo client ipv4-snooping dhcp-learning enable or undo client ipv4-snooping arp-learning enable command in wireless service template view to disable the client from obtaining IPv4 addresses through DHCP or ARP, respectively.
· IPv6 address monitoring is disabled by default. You can execute the client ipv6-snooping dhcpv6-learning enable or client ipv6-snooping nd-learning enable command in wireless service template view to enable the client to obtain IPv6 addresses through DHCPv6 or ND, respectively.
Procedure
1. Access the Smart O&M menu.
2. From the left navigation pane, select Clients > Wireless > Access Analysis.
3. Click the IP Monitoring tab.
4. Select a site and a device or an area from the top of the page.
5. To view detailed information about a client, click the MAC address link in the IPv4 Monitor table.
6.
To view detailed information about IPv4
monitoring, click the IPv4 Monitor Details icon 
for the target client in the IPv4 Monitor table.
7.
To view detailed information about IPv4
monitoring, click the IPv6 Monitor Details icon 
for the target client in the IPv6 Monitor table.
8. To save the data, click Export. The data will be saved as an electronic form in compressed format.
Parameters
· IPv4 Monitor: Displays information about clients when they obtain an IPv4 address through DHCP for the first time.
· IPv4 Monitor Details: Displays detailed information about IPv4 monitor for the target client.
· IPv6 Monitor: Displays information about clients when they obtain an IPv6 address through DHCPv6 for the first time.
· IPv6 Monitor Details: Displays detailed information about IPv6 monitor for the target client.
· Online Duration—Time elapsed since a client came online and to the time when the client obtained an IPv4 or IPv6 address for the first time.
· Detection Via—The method used to obtain an IPv4 or IPv6 address for a client when it comes online or it's IP addresses change.
View client statistics
Restrictions and guidelines
The system collects statistics about client quantity and traffic at intervals of 5 minutes.
Procedure
1. Access the Smart O&M menu.
2. From the left navigation pane, select Clients > Wireless > Summary.
3. Select a site and a device from the top of the page.
Parameters
· Current Total Clients: Displays the total number of clients in the site.
· Current 5 GHz Clients: Displays the total number of 5 GHz clients in the site.
· Current 2.4 GHz Clients: Displays the total number of 2.4 GHz clients in the site.
· By WLAN Service: Displays distribution of clients by associated wireless services.
· By Vendor: Displays distribution of clients by vendor.
· By Authentication Method: Displays client statistics by authentication method.
· By AP Group: Displays client statistics by AP group.
· Client Type: Displays types of clients on the specified devices in the site or the specified devices in the area during the selected time range.
· Client Association Trend (By AP Group): Displays the top 32 AP groups that have the most associated clients on the specified devices in the site or the specified devices in the area during the selected time range. To save the data, click Export. The data will be saved as an electronic form in compressed format.
· Client Association Trend (By Wireless Service): Displays the top 16 wireless services that have the most associated clients on the specified devices in the site or the specified devices in the area during the selected time range. To save the data, click Export. The data will be saved as an electronic form in compressed format.
· Client Association Trend (By Frequency Band): Displays distribution of 2.4 GHz and 5 GHz clients.
· Client Traffic Trend (By Frequency Band): Displays client statistics by total uplink and downlink traffic.
· TOP N Clients by Total Traffic: Displays top 10, top 20, top 30, top 40, or top 50 clients by total traffic. You can click the bar for a specific time in the Client Traffic Trend (By Frequency Band) graph to expand the list.
View network information
View AC information
Restrictions and guidelines
The system collects statistics about CPU usage and memory usage at intervals of 5 minutes and collect statistics about port traffic at intervals of 5 minutes.
Procedure
1. Access the Smart O&M menu.
2. To access the AC Health page, from the left navigation pane, select Network > ACs.
3. Select a site from the top of the page.
Parameters
AC Statistics
· Online ACs: Displays the number of online ACs.
· Total ACs: Displays the number of total ACs.
· AC Model: Displays all AC models in the site (offline AC models included.)
· AC List: Displays information about all ACs in the current site, such as AC name, AC state, total APs, APs (R/M), APs (R/B), APs (idle), online duration, and online clients. To display more columns, click the + / - icon, and then select the target columns.
¡ Uplink Rate (LAN)—Rate of packets received from all LAN ports.
¡ Downlink Rate (LAN)—Rate of packets sent from all LAN ports.
¡ Uplink Rate (WAN)—Rate of packets received from all WAN ports.
¡ Downlink Rate (WAN)—Rate of packets sent from all WAN ports.
The port rate statistics are refreshed every 30 seconds.
The list displays device scores in the selected time span.
To edit the name of an AC, click the Edit icon 
for the AC.
· AC CPU Usage Top 5: Displays the top 5 ACs with the highest CPU usage at the time when the last statistics collection was performed.
· AC Memory Usage Top 5: Displays the top 5 ACs with the highest memory usage at the time when the last statistics collection was performed.
AC Details
· Basic AC Info: Displays AC name, MAC, SN, model, software version, and last reboot reason.
For ACs in an IRF fabric, multiple values are displayed in MAC, SN, and Last Reboot Reason fields.
· AC Capabilities: Displays the maximum number of APs, maximum number of clients, and license information.
· AC Score: Displays the AC score. The system also displays the reasons if the AC score is low. The system collects AC score statistics every 5 minutes.
· CPU Usage: Displays the CPU usage trend of the AC.
· Memory Usage: Displays the memory usage trend of the AC.
· Port State: Displays port states. To view traffic information for a port. Click the port on the device panel. Ports of the same border color belong to the same aggregation group. Some device models do not support displaying port states.
The Port Traffic section displays traffic information for all ports if no port is specified.
¡ Outbound Rate—Actual transmission rate to the negotiated rate on the port.
¡ Inbound Rate—Actual receiving rate to the negotiated rate on the port.
View AP health information
Restrictions and guidelines
The system collects statistics about client traffic and radio information at intervals of 5 minutes.
Procedure
1. Access the Smart O&M menu.
2. To access the AP Health page, from the left navigation pane, select Network > APs > Health.
3. Select a site and a device or an area from the top of the page.
4. To view health information for all AP radios in the site, click the bar for a specific moment in the AP Health graph.
5. To save the data in the Health Details area, click Export. The data will be saved as an electronic form in compressed format.
6. To view detailed AP information, click the name of an AP in the Health Details list.
7. To view detailed information about the AC associated with an AP, click the AC name in an AP list.
Parameters
AP Health
· AP Health: Displays AP health scores. Excellent: ≥ 80. Good: 65 (included) to 80. Average: ≤ 65.
· Health Details: Displays detailed health information for all APs in the site. To display more columns, click the + / - icon, and then select the target columns.
AP Details
· Basic AP Info: Displays AP name, MAC, model, associated AC, associated radios, uptime, association, and last reboot reason.
· AP Score Trend: Displays the AP score for each statistics collection period in the specified time range.
· Radio Info: Displays real-time and history radio usage in the specified time range.
¡ To view the details, click the trend graph.
¡ To view radio-based statistics, select a radio.
¡ To access the Doctor AP detection configuration page, click Doctor AP Test.
¡ To capture all packets on the operating channels for the AP, click Capture.
· Online Client Info: Displays the quantity of online clients in each statistics collection period in the specified time range. To view information about online clients for a moment, click the corresponding bar in the graph. The list that opens displays client MAC address, IPv4 address, IPv6 address, username, authentication method, uplink ARP packets, client scores, health, associated AP, associated radio, associated AC, and SSID.
¡ To customize the columns to display, click the + / - icon.
¡ To view detailed information about a client, click the client's MAC address.
¡ To view detailed information about an AC, click the AC name.
· Client Rate: Click the bar for a specific time in the Client Rate graph to display the Top N Clients by Total Rate list. The list displays client rate information such as authentication method, RF band, associated AP, associated AC, and uplink and downlink traffic information.
· Client Traffic: Displays the uplink and downlink traffic of clients for each statistics collection period in the specified time range.
· CPU Usage Trend/Memory Usage Trend: Displays the CPU usage and memory usage for each statistics collection period in the specified time range.
· AP Logs: Displays AP events and causes, including AP online and offline events.
View AP channel analysis
Restrictions and guidelines
The system collects statistics about 5 GHz and 2.4 GHz channels at intervals of 5 minutes.
Procedure
1. Access the Smart O&M menu.
2. From the left navigation pane, select Network > APs > Channel Analysis.
3. Select a site and a device or an area from the top of the page.
4. To adjust the number of data entries in the 5 GHz Channels or 2.4 GHz Channels area, hover over the list and then rotate your mouse wheel.
5. To view the channel usage details, click the data for a specific channel at a specific moment in the 5 GHz Channels or 2.4 GHz Channels area. The Channel Usage Details area displays the channel usage details at that moment.
View AP statistics
Procedure
1. Access the Smart O&M menu.
2. From the left navigation pane, select Network > APs > AP Statistics.
You are placed on the APs tab.
3. Select a site and a device or an area from the top of the page.
4. To view AP disassociation information, click the AP Disassociations tab.
5. To view AP association failure information, click the AP Association Failures tab.
6. To view radio information, click the Radios tab.
7. To view AP restart statistics, click the AP Restart Statistics tab.
8. To view ARP analysis information, click the ARP Analysis tab.
9. To view the wired port list, click the Wired Port List tab.
Parameters
APs
· AP Info: Displays information about online, offline, invalid, or all APs. An AP is invalid if the system cannot obtain the AP's serial number.
¡ For online APs, this graph displays AP statistics by AP model and client quantity.
¡ For offline APs, this graph displays AP statistics by AP model and disassociation reason.
¡ For all APs, this graph displays AP statistics by AP model and client quantity. Invalid APs are not included.
· Online/Offline/All AP List:
¡ The Online AP List displays the AP name, online client quantity, associated AC, radio quantity, and uptime information.
¡ The Offline AP List displays the AP name, associated AC, radio quantity, disassociation reason, and disassociation time information.
¡ The All AP List displays the AP name, current state, online client quantity, associated AC, radio quantity, and uptime information.
¡ The Invalid AP List displays the AP name, AC name, and AC SN information for APs of which the AP SN is not obtained correctly.
To adjust the columns to display, click the + / - icon.
To save the data, click Export. The data will be saved as an electronic form in compressed format.
Radios
· Radio Distribution by Channel: Displays radio enabling status distribution by channel.
· Radio Distribution by Channel Usage: Displays radio enabling status distribution by channel.
· Radio Distribution by Client Count: Displays radio enabling status distribution by channel.
· Radio Distribution by State: Displays radio enabling status distribution by channel.
· Radio: Displays detailed AP radio information such as radio state, radio type, bandwidth, channel, and channel usage.
AP Disassociations
· By Disassociation Reason: Displays AP statistics by disassociation reason in the last seven days.
· By Disassociation Quantity: Displays AP statistics by disassociation quantity in the last seven days.
· AP Disassociation Details: Displays detailed AP disassociation information when you click the bar for a day in the By Disassociation Reason or By Disassociation Quantity graph.
To view detailed information about an AP or AC, click the AP or AC name in the list.
To save the data, click Export. The data will be saved as an electronic form in compressed format.
AP Restart Statistics
· AP Restart Reason: Displays AP restart reasons in the past 7 days through a graph. You can click a bar for a specific time in the graph to view the restart details and reasons for all restarted APs. The AC is the AC to which the AP is associated after the AP restarts and comes online again.
· AP Restarts: Displays AP restart counts in the past 7 days through a graph. You can click a bar for a specific time in the graph to view the restart details and counts for all restarted APs.
· AP Restart Details: Displays the detailed information for AP restart through a list.
· AP Restart Reasons: Displays the AP restart reasons through a list.
To save the data, click Export. The data will be saved as an electronic form in compressed format.
AP Association Failures
· By Association Failure Reason: Displays AP statistics by association failure reason in the last seven days.
· By Association Failure Quantity: Displays AP statistics by association failure quantity in the last seven days.
· AP Association Failure Details: Displays detailed AP association failure information when you click the bar for a day in the By Association Failure Reason or By Association Failure Quantity graph.
To view detailed information about an AP or AC, click the AP or AC name in the list.
To save the data, click Export. The data will be saved as an electronic form in compressed format.
ARP Analysis
The ARP Analysis list displays ARP statistics such as the number of uplink ARP packets, downlink ARP packets, and total ARP packets sent by the AP.
Wired Port List
· On the Real-Time Statistics tab:
¡ Rates: Displays rate statistics of the AP physical ports in the most recent data collection period through a list, such as the Rx rate and the Rx unicast rate.
¡ Traffic: Displays traffic statistics of the AP physical ports in the most recent data collection period through a list, such as the Rx traffic and Tx traffic.
· On the History Statistics tab:
¡ Traffic: Displays traffic statistics of the AP physical ports in the specified time span through a list, such as the Rx traffic and Tx traffic.
Restart APs
Procedure
1. Access the Smart O&M menu.
2. From the left navigation pane, select Network > APs > AP Reboot.
3. Select a site and a device or an area from the top of the page.
4. In the AP List area, you can perform the following tasks:
¡ To restart one or more APs immediately, select APs and click Immediate Reboot.
¡ To restart one or more APs at a scheduled time, select APs and click Scheduled Reboot and then specify a reboot time.
¡ To operate on APs that use the same labels, click Filter. In the expand sections, select state and labels and click Search.
Parameters
· AP Statistics: Displays the total number of APs and online APs for the selected AC in the site.
· AP Association and Disassociation Info: Displays the AP online and offline records for the selected AC in the site.
· Task List: Displays the history AP restart information.
· AP Reboot Task: Displays the detailed information about all scheduled AP restart tasks.
Manage network optimization
Perform one-key diagnosis
One-key diagnosis performs a thorough health check of all ACs in the site to discover potential issues. The system also provides suggestions against discovered issues.
Prerequisites
Before performing one-key diagnosis in a site, enable smart O&M for the site.
Restrictions and guidelines
· Cloud-managed APs do not support one-key diagnosis.
· For ACs, only ACs of version 5412 or higher support one-key diagnosis.
Perform one-key diagnosis
1. Access the Smart O&M menu.
2. From the left navigation pane, select Optimization > One-Key Diagnosis.
3. Select a site and a device from the top of the page.
4. Click View Check Items and select items to check as needed and then click OK.
The required items cannot be cleared.
5. Click Diagnose.
After the diagnosis finishes, the page displays the numbers of passed items, failed items, optimizable items, undiagnosable items, and skipped items. To view detailed items of a type, click the item quantity. To view all items, click the total item quantity.
For a site with multiple ACs, an item is marked failed if one AC fails to pass the item check. For an AC associated with multiple APs, the device is marked failed for an item check if one AP fails to pass the item check.
6. Optimize the network as needed.
¡ For failed items and optimizable items, click Expand Repair Suggestions to view the optimization suggestions. To manually configure the devices, click CLI Helper in the list. To troubleshoot the potential issues, click the details to access the Alarms page.
¡ For undiagnosable items, verify that the corresponding devices are connected to the network correctly. An undiagnosable item indicates that the system failed to obtain the required data.
View optimization records
1. Access the Smart O&M menu.
2. From the left navigation pane, select Optimization > One-Key Diagnosis.
3. Select a site and a device from the top of the page.
4. Click History Diagnosis Info.
5. To view information about a diagnosis, click its diagnosis result.
The system can save a maximum of 16 diagnosis records and save a record for a maximum of 6 days. If the maximum record limit is reached, the system deletes the oldest record before adding a new record.
View VIP device information
Cloud-managed APs do not support viewing VIP device information.
View VIP AP statistics
Perform this task to view VIP AP health or detailed information.
Prerequisites
Execute the ap-name ap-name and report-interval interval commands in monitor group view from the CLI of the device to add a VIP AP to the monitor group and configure the interval at which the system collects AP statistics and reports to the AC. The AP will report information about the associated clients and its running information to the AC, which will report the information to the cloud platform.
Restrictions and guidelines
· Only the software version of 5420 or higher supports this feature.
· The system collects statistics at intervals of 1 minute by default.
Procedure
1. Access the Smart O&M menu.
2. From the left navigation pane, select VIP > VIP APs.
3. Select a site and a device from the top of the page.
4. To view health information for all APs in the site, click the bar for a specific moment in the By AP Health graph.
5. To view detailed AP information, click the name of an AP in the Online VIP AP List area.
6. To view detailed information about the AC associated with a VIP AP, click the AC name in the Online VIP AP List area.
Parameters
See "Parameters."
View VIP client statistics
Perform this task to view VIP client health information, quantity, or details.
Prerequisites
Execute the client-mac mac-address and report-interval interval commands to add a client to the VIP client group and configure the interval for the AP to report information about the VIP client to the AC.
Restrictions and guidelines
Only the software version of 5436 or higher supports the VIP client monitor function.
Procedure
1. Access the Smart O&M menu.
2. From the left navigation pane, select VIP > VIP Clients.
You are placed on the Summary tab.
3. Select a site and a device from the top of the page.
4. To view detailed information about VIP clients associated with 5 GHz, 2.4 GHz or all radios, click the bar for a specific moment in the By Client Health graph.
5. You can perform the following tasks on the Client List tab:
To view detailed information about a VIP client, click the MAC address link of the client on the Client List tab.
¡ To view detailed information about the AP associated with a VIP client, click the associated AP link on the Client List area.
¡ To view detailed information about the AC associated with a VIP client, click the associated AC link on the Client List area.
¡ To add remarks for a VIP client, use the feature in the Remark column.
¡ To view information about neighbor clients that are connected to the same AP and radio, click Compare in the Actions column for a client. The page displays compared data with level-1 VIP average value, level-2 VIP average value, and non-VIP average value, such as average latency, packet loss rate, packet error rate, retransmission rate, RSSI, uplink/downlink negotiated rate, and client health.
¡ To add VIP clients, click Add VIP Clients/Users and perform the following tasks:
- Specify the client MAC address.
- Specify the client VIP level. The priorities of level 1 VIP clients, level 2 VIP clients, and non-VIP clients are in descending order. You can rate limit only level 2 VIP clients and non-VIP clients. When resources are insufficient, APs might log off clients with a low priority to ensure service continuity for clients with a higher priority.
- Enter remarks for the client. You can specify a maximum of four remarks for a VIP client from this page or the Network > Sites > Site Summary page. The most recent configuration takes effect. If you do not enter any remark, the system will use the remarks configured in the Network > Sites > Site Summary page.
- To add more clients, click the icon 
in the Add More area.
¡ To add VIP users, click Add VIP Clients/Users and perform the following tasks:
- Specify the username.
- Specify the client VIP level. The priorities of level 1 VIP clients, level 2 VIP clients, and non-VIP clients are in descending order. You can rate limit only level 2 VIP clients and non-VIP clients.
- To add more clients, click the icon 
in the Add More area.
VIP users enable the system to identify clients using a specific username for authentication as VIP clients of the specified VIP level. Available client authentication methods include MAC, 802.1X, and portal authentications.
¡ To configure rate limit for clients, click Rate Limit and perform the following tasks:
- Select the target client. Options include Level-2 VIP and Non-VIP.
- Select a scope.
- Enable or disable rate limit as needed. If you enable rate limit, you must configure the maximum uplink and downlink rate limit.
¡ To import clients in batch, click Bulk Import. On the page that opens, click the Download Template link, complete information in the template, and upload the template file.
¡ To remove VIP clients, select clients in the list and click Remove VIP Clients. The selected VIP clients will be set to normal clients.
¡ To remove VIP users, click Remove VIP Users, select users and click OK. The selected VIP users will be set to normal users.
¡ To customize the columns to display, click the + / - icon.
Parameters
· VIP Client Count: Displays the number of online VIP clients and total number of VIP clients for different VIP levels.
· Client Distribution by Health State: Displays the VIP client health states for VIP clients associated to all or the specified devices in the site. The system collects health state statistics every 20 seconds. The sampling interval correlates to the configured report level.
· Client Distribution by Issue Count: Displays the number of issues for associated VIP clients of different VIP levels. To view the issue count for VIP clients in a specified time, click the bar for the time in the graph.
· Client Type: Displays VIP client types by VIP level and radio. To view the client types for VIP clients in a specified time, click the bar for the time in the graph.
· VIP Client List: Displays information about VIP clients. To view details about the VIP clients, click View Details.
· Idle: The client score is 100.
· Excellent: The client has a score of 80 or higher.
· Good: The client has a score in the range of 65 (included) to 80.
· Average: The client has a score smaller than 65.
Service component
Hotel management
Hotel management groups all APs in the hotel based on the floors and rooms in which the APs are installed and displays each room status through a tile on the Net-Optimize page. You can view the network status for each room and use the immediate reboot and fault report features for convenient O&M.
Manage rooms
To manage rooms, click Services > Hotel Management on the top navigation bar and select Rooms from the left navigation pane. On the page that opens, select a site.
Create a new room
To add a new room, click Add and perform the following tasks on the page that opens:
· Enter a room name.
· Select the room type and floor. To add room types and floors, click Set Now. For more information, see "Manage labels."
· Add remarks.
· Click Submit.
After the room is created successfully, if
you want to add APs to the room, click OK. On the
page that opens, select APs from the Unbound APs
list, click the 
icon
to add the APs to the Bound APs list, and click Submit.
Figure 32 Binding APs to the room
Create rooms in batch
To add rooms in batch, click Bulk Add and perform the following tasks on the page that opens:
· Enter a room name prefix.
· Specify start and end room numbers.
· Specify the room number length.
· Select the room type and floor. To add room types and floors, click Set Now. For more information, see "Manage labels."
· Add remarks.
· To preview the bulk created rooms, click Preview.
· Click Submit
After the rooms are created, you can bind APs to the rooms on the Rooms Without Bound APs tab.
|
|
NOTE: · The system adds continuous numbers to the specified room number prefix to form room names. · If the specified start or end room number does not reach the room number length, 0 will be added to the front. · Rooms created in a batch share the same room type, floor, and remarks. |
Figure 33 Previewing the bulk created rooms
Figure 34 Creating rooms in batch
Manage rooms with bound APs
On the Rooms With Bound APs tab, you can view information about rooms with bound APs, such as the room name, type, floor, and number of APs.
· To view or edit information of APs bound to a room, click the number link in the APs column for the room.
·
To add APs to a room, click the Add AP
icon 
in the Actions column for the room. On the page that opens,
select APs from the Unbound APs list, click the 
icon to add the APs to the Bound APs list, and click Submit.
· To edit information for a room, click the Edit icon in the Actions column for the room.
· To delete a room, click the Delete icon in the Actions column for the room. To delete room in batch, select rooms from the list and click Bulk Delete.
Manage room without bound APs
On the Rooms Without Bound APs tab, you can view information about rooms without bound APs.
· To view or edit information of APs bound to a room, click the number link in the APs column for the room.
·
To add APs to a room, click the Add AP
icon 
in the Actions column for the room. On the page that opens,
select APs from the Unbound APs list, click the 
icon to add the APs to the Bound APs list, and click Submit.
· To edit information for a room, click the Edit icon in the Actions column for the room.
· To delete a room, click the Delete icon in the Actions column for the room. To delete room in batch, select rooms from the list and click Bulk Delete.
Manage labels
This feature allows you to manage room types and floors by label to realize an accurate hotel room network management.
To manage labels, click Services > Hotel Management on the top navigation bar and select Labels from the left navigation pane. On the page that opens, select a site.
Manage room type labels
The cloud platform has multiple room types
such as standard double room, standard twin room, and restaurant. It also provides
five custom room types. You can click the 
icon to edit the
custom room type.
Manage floor labels
·
To add multiple floor labels one by one, click
the 
icon.
·
To delete a floor label, click the 
icon for the label.
· To submit the label configuration, click Submit.
Optimize the room network
To optimize the hotel room network, click Services > Hotel Management on the top navigation bar and select Net-Optimize from the left navigation pane. On the page that opens, select a site.
·
In the Tile view (by clicking the 
icon), you can view the score, online clients, upload rate, and
download rate for each room.
¡ To view information about rooms on all floors or on a certain floor, click All or a specific floor.
¡ To reboot an AP or all APs in a room, click Immediate Reboot on the tile for the room.
·
In the List view (by clicking the 
icon), you can view detailed room information such as the health
and number of APs.
¡ To filter out rooms of a certain health status, click the target health status above the list. Options include Excellent, Good, Normal, and Offline.
Table 1 Health status and the corresponding score range
|
Health |
Range |
|
Excellent |
≥80 |
|
Good |
65 (included) to 80 |
|
Normal |
<65 |
The scores and health states of rooms are determined based on the status of APs in the rooms. If all APs are offline in a room, the Health field for the room displays Offline. Note that if an AC is moved to a new site, to make sure that you can view APs managed by the AC, you must disassociate the APs from the AC before the moving and add them again in the new site.
Custom dashboard
About custom dashboard
Custom dashboard service enables you to add network statistical graphs to the monitoring screen to view the most recent network information such as network health, issue distribution, AP quantity, AP load statistics, client access trend, client/traffic trend, and alarm content.
Each account can create up to 10 dashboards, and the parent account can view the dashboards created by subaccounts.
Statistics displayed on the custom dashboard are collected by using Smart O&M. To use Smart O&M, you must first enable the feature from Network > System > Service Switch > Smart O&M.
Figure 35 Dashboard
Create a dashboard
1. On the top navigation bar, select Services > Custom Dashboard.
You are placed on the My Dashboards page.
2. Click Create Dashboard.
3. Select the assurance template or the empty template, and then click Create Dashboard.
4. Specify a name for your dashboard and then click OK.
The dashboard customization page opens. The page contains the tile area, services area, dashboard area, and dashboard/tile settings area from left to right, and a tool bar at the top.
5. Add tiles to the dashboard. You can put custom contents on your dashboard by using tiles of different types, such as services, text, picture, time, and assistant.
6. Manage tiles in the Tile area.
To adjust the display order of a tile, select the tile, and then select an action. The tile on top is displayed the first on your dashboard.
To hide or display a tile, click the 
icon to the left
of the tile.
To view the data source of a tile, click the tile.
To remove a tile from your dashboard,
select the tile, and then click the 
icon.
7. Manage the layout in the Dashboard area.
¡ To resize a tile, click on the tile, move your mouse pointer over one of the handles and then drag your mouse.
¡ To adjust the position of a tile, select the tile, and then press the arrow keys on your keyboard.
¡ To adjust the display order or remove a tile from your dashboard, right-click on the tile, and then select an action.
¡ To create a vertical or horizontal guide, click on a ruler.
¡ To move a guide to the desired position, drag the guide.
¡ To delete a guide, double-click the guide.
¡ To
show or hide a guide, click the 
icon at the intersection of the rulers in the upper-left corner.
8. To configure dashboard settings, click on a blank area on your dashboard. The Dashboard Settings area is displayed to the right of the page. The settings apply to all tiles on your dashboard.
On the Style tab, you can configure the dashboard theme, title style, tile title, background picture, and dashboard cover. Only .jpg, .png, and .jpeg files are supported and the file size cannot exceed 2 MB.
To configure data source settings such as time span and refresh interval, click the Data tab. To restore the default settings for all tiles on your dashboard, click Restore Default Settings.
9. To configure settings for a tile, click a tile in the Tile or Dashboard area. The Tile Settings area is displayed to the right of the page.
¡ On the Style tab, you can adjust the tile title name, title alignment, font size, tile position, and title display style, depending on the tile you select.
¡ On the Data tab, you can select devices, set a time span, and set a refresh interval, depending on the tile you select.
10. To preview your dashboard, click Save & Preview in the upper right corner after arranging the tiles on the dashboard.
To view the dashboard in full screen mode, press a shortcut key on your keyboard, for example, F11, depending on the operating system or browser you use.
Edit, clone, or delete a dashboard
1. On the top navigation bar, select Services > Custom Dashboard.
You are placed on the My Dashboards page.
2. Hover over the target dashboard to view, clone, or delete the dashboard, add remarks for the dashboard, or edit the dashboard name.
Report management
Report management sends site-based service reports that contain statistics such as the access client trend, access total traffic trend, and average online duration trend. The system sends reports to specified email addresses and you can obtain daily graphical operation statistics without logging in to the cloud platform.
Manage users
To manage users, click Services > Report Management on the top navigation bar and select Users from the left navigation pane. On the page that opens, select a site.
Configure email accounts
A maximum of 100 email accounts can be added.
· To add an email account, click Add. Enter account name, email address, and remarks, and click OK. After adding, log in to the added email address to activate the account. After the activation, the State field for the account will display Activated.
Figure 36 Adding an email account
·
To edit an email account, click the Edit icon 
for the account, edit the information, and click OK.
·
To delete an email account, click the Delete icon 
for the account. In the dialog box that opens, click OK.
·
For an account that failed to be activated or of
which the activation email expires (exceeding 24 hours), to re-activate the
email account, click the Re-activate icon 
for the account. The system will send a new activation email to the
added email address and the previous activation email will be invalid.
· To delete email accounts in batch, select accounts from the list and click Bulk Delete. In the dialog box that opens, click OK.
Manage reports
To manage reports, click Services > Report Management on the top navigation bar and select O&M Reports from the left navigation pane. On the page that opens, select a site.
On the O&M Reports page, you can perform the following tasks:
To add a report, click Add and perform the following task on the page that opens:
· Enter a report name.
¡ Select the site name.
¡ Select a pushing interval from daily or weekly.
¡ Select a report form. You can click Preview to preview the report.
¡ In the Receiver Accounts field, click Add Email to add recipients.
¡ Add remarks.
¡ Click Save.
·
To edit a report, click the Edit icon 
for the report. You can edit the report name, site name, and
receiver accounts.
·
To delete a report, click the Delete icon 
for the report.
· To preview a report, click the format link in the Report Format column for the report. On the page that opens, you can view the following network operation statistics in the report:
¡ Access client statistics
¡ Access client trend
¡ Access client total traffic trend
¡ Access client average traffic trend
¡ Average online duration trend
¡ Access client proportion
¡ Online duration proportion
¡ Number of week visits
¡ Statistics by SSID
¡ Statistics by client vendor
¡ Top N clients by quantity
¡ Client online duration top 10
· To view report pushing records, click Report Pushing records.
About cloud platform authentication
Cloud platform provides abundant authentication methods for access users such as employees, guests, and IoT terminals. When a client wants to access the Internet or the specific network resources, the access device redirects the client to the cloud platform for portal authentication.
Cloud platform offers the following benefits:
· No upper limit for authentication clients.
· Abundant authentication policies.
· Custom ads pushing services.
Cloud platform provides the authentication methods listed in Table 2.
Table 2 Authentication methods
|
Authentication method |
Applicable scenario |
Remarks |
Combined authentication |
|
One-key |
Low auditing and operational statistics collection requirements, such as restaurants and shops. |
MAC-based authentication. Users can complete authentication by simply clicking a button on the portal authentication page. |
Supported |
|
Fixed account |
Network users are fixed, such as campus and office areas. |
Username and password based authentication. The following functions are supported: LDAP Import and export of accounts Binding one account to multiple MAC addresses Concurrent client limit |
Supported |
|
Google authentication |
Operators use Google to collect statistics about network users. |
Users must log in to Google to grant access to the cloud platform. |
Supported |
|
Twitter authentication |
Operators use Twitter to collect statistics about network users. |
Users must log in to Twitter to grant access to the cloud platform. |
Supported |
|
Dumb terminal authentication |
IoT devices, wireless printers, and POS terminals. |
Automated authentication on specific wireless terminals. |
Not supported |
|
Facebook authentication |
Operators use Facebook to collect statistics about network users. |
Users must log in to Facebook to grant access to the cloud platform. |
Supported |
|
· |
NOTE: A wireless router can act as an AC or fat AP to provide wireless authentication. A wired router connects to terminals directly or connects to terminals through a switch or fat AP for authentication. |
Configure cloud platform authentication with an AC as the authenticator
Configure basic settings
Prerequisites
Before configuring cloud platform authentication, complete the following tasks:
· Connect the device to the cloud platform.
· Complete the VLAN and DHCP settings.
· Configure wireless services and make sure the APs can come online.
Configure settings on the device
Configure Facebook authentication
|
|
IMPORTANT: Free-rule 38 might disable the app from displaying pictures. Please configure this rule as needed or contact Technical Support. |
# Configure destination-based portal-free rules to allow portal users who send an HTTP/HTTPS request that carries Facebook-related host names to access network resources without authentication.
<Sysname> system-view
[Sysname] portal free-rule 31 destination facebook.com
[Sysname] portal free-rule 32 destination m.facebook.com
[Sysname] portal free-rule 33 destination www.facebook.com
[Sysname] portal free-rule 34 destination graph.facebook.com
[Sysname] portal free-rule 35 destination connect.facebook.net
[Sysname] portal free-rule 36 destination static.xx.fbcdn.net
[Sysname] portal free-rule 37 destination staticxx.fbcdn.com
[Sysname] portal free-rule 38 destination scontent-hkg-3-1.xx.fbcdn.net
Configure one-key authentication
1. On the top navigation bar, click Network.
2. Select Settings > ACs > Authentication from the navigation pane.
3. Select a branch, a site, and a device from the top of the page.
4. To add an authentication template, click Add on the Authentication Templates tab.
5.
To edit an authentication template, click the
Edit icon 
for that authentication template.
6.
To bind an authentication template to a
wireless service, click the Edit icon 
for that authentication template, select Yes from the Bind
to Wireless Service field, and then click Apply. If the template has
been bound to wireless service, skip this step.
7.
Click the Draw icon 
for the target authentication template.
8. Click the One-Key tile in the Auth Configuration area, enable one-key authentication, and then configure other settings as needed.
9. Click OK or click Release in the upper right corner of the page.
Figure 37 Configuring one-key authentication
Configure fixed account authentication
Restrictions and guidelines
If you do not configure the validity period or configure it as 0, the account never expires.
If you select Bind MAC Address and do not enter any MAC addresses, clients that use the fixed account are not limited.
If you select Sent by Email, the system sends the account name and password to the specified email address. The number of email addresses cannot exceed 10 and must be separated by commas.
Procedure
1. On the top navigation bar, click Network.
2. Select Settings > ACs > Users from the navigation pane.
3. Click the Fixed Accounts tab.
4. Click Add.
5. Configure fixed account information as required.
Figure 38 Adding a fixed account
6.
To add or edit an authentication template,
select Settings > ACs > Authentication from the
navigation pane, and then select a branch, a site, and a device from the top of
the page. To add a template, click Add on the Authentication Templates
tab. To edit a template, click the Edit icon 
for that authentication template.
7.
To bind an authentication template to a
wireless service, click the Edit icon 
for that authentication template, select Yes from the Bind
to Wireless Service field, and then click Apply. If the template has
been bound to wireless service, skip this step.
8.
Click the Draw icon 
for the target authentication template.
9. Click the Account tile in the Auth Configuration area, enable fixed account authentication, and then configure other settings as needed.
10. Disable other authentication methods.
11. Click OK or click Release in the upper right corner of the page.
Figure 39 Configuring fixed account authentication
Configure Google authentication
Creating a Google app
1. Log in to Google Cloud Platform at https://console.cloud.google.com/apis.
2. Click CREATE PROJECT to create a project.
Figure 40 Creating a project
3. Configure the basic project settings, and then click Create.
Figure 41 Basic project settings
4. Configure OAuth consent screen settings.
a. Select External as the user type.
Figure 42 Selecting a user type
b. Edit app registration settings
Figure 43 Editing app registration settings 1
Figure 44 Editing app registration settings 2
c. Configure scopes.
You only need to select userinfo.profile.
Figure 45 Updating scopes
d. Configure test users
Click Add Users to add test users. Only test users can log in to a Google app in Testing state.
Figure 46 Adding test users
5. Create credentials.
a. Click CREATE CREDENTIALS, and then click OAuth client ID.
Figure 47 Creating credentials
b. Select web application as the application type.
Figure 48 Selecting an application type
c. Add authorized JavaScript origins and authorized redirect URIs.
The authorized redirect URI is https://inccloud.intelbras.com.br:10443/portal/googleCallback.html.
The specified JavaScript origins must start with https.
Figure 49 Authorized JavaScript origins and authorized redirect URIs
6. After the credential is created, click Credentials on the left navigation pane. In the OAuth 2.0 Client IDs list, click Edit OAuth client in the Actions column for the credential. On the page that opens, you can view the ID and the secret key of the client.
Figure 50 Client information
Configure Google authentication settings on the cloud platform
The Google authentication method can be used in conjunction with:
· Facebook authentication.
· Twitter authentication.
You can use up to three authentication methods simultaneously.
Figure 51 Google authentication
Configure Twitter authentication
Creating a Twitter app
1. Log in to Twitter Developer Platform at https://developer.twitter.com/.
Figure 52 Homepage
2. Register for a developer account.
Figure 53 Page for account registration
3. Click Developer Portal to create an app on the background.
Figure 54 Application naming
4. Record the API key, and the API key secret. They will be used later.
Figure 55 Password
5. Configure application settings
a. Click the Settings icon in the Apps area.
Figure 56
b. Click the Set up button in the User authentication settings area.
Figure 57 User authentication settings
Figure 58 Enabling Oauth 1.0a.
d. Specify a redirect URL and a website URL.
- Redirect URL: https://inccloud.intelbras.com.br:10443/portal/twitterCallback.html.
- Website URL: Enter a URL in domain name format.
Figure 59 Redirect URL and website URL
Configure Twitter authentication settings on the cloud platform
The Google authentication method can be used in conjunction with:
· Account authentication.
· Facebook authentication.
· Google authentication.
You can use up to three authentication methods simultaneously.
Figure 60 Twitter authentication
Configure Facebook authentication
With Facebook authentication enabled, users will be redirected to the Facebook login page for authentication. They can access the network only after granting the cloud platform to obtain his or her Facebook information (nickname, profile, and email information) from Facebook.
Creating a Facebook app
1. Log in to Meta for Developers at https://developers.facebook.com/.
2. Click Create App to create a Facebook app.
Figure 61 Creating an app
3. Select Allow people to log in with their Facebook account.
Figure 62 Selecting a use case
4. Specify the app name.
Figure 63 Specifying the app name
5. Start business verification.
Figure 64 Business verification
6. On Meta for Developers, enable client OAuth login and web OAuth login, and enter the URI of the authentication login page as a valid OAuth redirect URI. To obtain the URI of the authentication login page, access the Auth Configuration page of the cloud platform, and click Preview.
Figure 65 OAuth settings
Figure 66 Auth configuration page
Figure 67 Authentication login page
Configuring Facebook authentication settings on the cloud platform
1. On the top navigation bar, click Network.
2. Select Settings > ACs > Authentication from the navigation pane.
3. Select a branch, a site, and a device from the top of the page.
4. To add an authentication template, click Add on the Authentication Templates tab.
5.
To edit an authentication template, click
the Edit icon 
for that authentication template.
6.
To bind an authentication template to a
wireless service, click the Edit icon 
for that authentication template, select Yes from the Bind
to Wireless Service field, and then click Apply. If the template has
been bound to a wireless service, skip this step.
7.
Click the Draw icon 
for the target authentication template.
8. Click the Facebook tile in the Auth Configuration area, enable authentication via Facebook, enter the App ID, and disable all the other authentication methods.
9. Click OK or click Release in the upper right corner of the page.
Figure 68 Configuring Facebook authentication
Configure dumb terminal authentication
Restrictions and guidelines
If an account group contains accounts that have been authenticated, changing the validity period of the account group will change the validity period of all the accounts in the group.
If you configure the validity period as 0, the account never expires.
You can enter the first three bytes to add MAC addresses in bulk. The validity period configuration for a complete MAC address and that for a three-byte MAC address are not mutually exclusive. Assume that you add MAC addresses that start with AA-BB-CC and specify a 5-day validity period and then add MAC address AA-BB-CC-11-22-33 and specify a 10-day validity period. The validity periods of dumb terminals with a MAC address of AA-BB-CC-11-22-33 and a MAC address that starts with AA-BB-CC are 10 and 5 days, respectively.
Procedure
1. On the top navigation bar, click Service.
2. Select Authentication from the navigation pane, Click the Accounts tab.
3. On the Dumb Terminal Accounts tab, click Edit Account Group.
4. Click Add.
5. Enter the required information and then click OK.
Figure 69 Adding an account group
6. Select an account group and then click Add.
7. Enter a MAC address in the required format.
Figure 70 Adding a MAC address
8. Click the Authentication Templates tab.
9.
To add an authentication template, click
Add. To edit an authentication template, click the Edit icon 
for that authentication template.
10.
Click the Draw icon 
for the target authentication template. You are placed on the Login
tab.
11. Click the Dumb Terminal tile in the Auth Configuration area, and then enable dumb terminal authentication.
12. Select an account group.
13. Click OK or click Release in the upper right corner of the page.
Figure 71 Configuring dumb terminal authentication
14. To deploy a template, perform the following steps:
a.
Click the Deploy Template icon 
for that authentication template.
b. Click the ACs tab.
c. Select a branch or site.
d. Select an AC and then click Apply.
If no devices are displayed, please check the device version.
Figure 72 Deploying a template
e. Select a service template or an SSID, and then click OK.
Figure 73 Selecting a service template
15. Enable MAC-triggered authentication on the device. For more information, see "Configure MAC-trigger authentication."
Configure bulk authentication
Perform this task to deploy authentication settings in bulk.
Restrictions and guidelines
The configuration of a bulk authentication
template takes precedence over that of a non-bulk authentication template. For
the non-bulk authentication template to take effect, click the Edit icon 
for that
authentication template, and then click Apply.
Before deploying the configuration in bulk, make sure the following requirements are met:
· The devices where bulk authentication is deployed are online. If a device is offline, the deployment fails. The device will load the most recent deployed configurations at start up.
· The software version must be 5405 or higher.
· The wireless service name is the same as the portal Web server.
Procedure
1. On the top navigation bar, click Service.
2. Select Authentication from the navigation pane..
3. On the Authentication Templates tab, click Add.
4.
Click the Draw icon 
for the target authentication template. For the detailed
configuration procedures of different authentication methods, see "Configure basic settings."
Table 3 Configuring bulk authentication
5. To deploy a template, perform the following steps:
a.
Click the Deploy Template icon 
for that authentication template.
b. Click the ACs tab.
c. Select a branch or site.
d. Select an AC and then click Apply.
If no devices are displayed, please check the device version.
Figure 74 Deploying a template
Customize an authentication page
You can configure the landing page, login page, login success page, and home page and can push or disable the landing page or login success page as needed.
Restrictions and guidelines
The picture size cannot exceed 1 M. As a best practice, set the picture size to be in the range of 100 KB to 200 KB. Only JPG, JPEG, BMP, PNG, GIF, and SVG formats are allowed.
As a best practice to avoid affecting the loading speed of the page, do not add too many controls.
Procedure
1. On the top navigation bar, click Service.
2. Select Authentication from the navigation pane..
3.
On the Authentication Templates tab,
click the Draw icon 
for the target authentication template.
4. Configure the following settings as shown in Figure 75:
¡ Logo—The aspect ratio must be 1:1. The picture will be automatically cut into a circle. You can enter a shop name with a length of less than 12 characters.
¡ Background—The aspect ratio must be 3:5.
¡ Carousel—The aspect ratio must be 11:5. Two or three pictures of the same height are required.
¡ Picture—The aspect ratio must be 11:5. The description for the picture cannot exceed 48 characters.
¡ Video—The video size cannot exceed 5 M. Only MP4, WEBM, and OGG formats are allowed.
¡ Text—You can edit the font, font size, bold type, and font color.
Figure 75 Custom template description
5. To configure the homepage, click the Home tab, and then select Use Custom Link.
6. Enter a custom link and then click Upload.
7. To preview the link, click Preview in the upper right corner of the page.
Figure 76 Previewing the configuration change
8. Click Release in the upper right corner of the page.
The homepage pushed to users during portal authentication will be replaced by the page redirected by this custom link.
Figure 77 Configuring the custom template
Configure advanced settings
The cloud platform provides advanced authentication settings to simplify authentication management, reduce cost, and optimize market promotion. Table 4 describes available advanced features for each authentication method. You can configure these settings as needed.
Table 4 Advanced cloud platform authentication features
|
Authentication method |
Advanced features |
|
One-key authentication |
Captive-bypass Hiding and customizing one-key authentication button Internet access settings Authentication free Inter-site and inter-SSID re-authentication Internet access control Developer mode Domain name whitelist and blacklist Viewing and exporting history of authentication configuration deployment |
|
Fixed-account authentication |
Captive-bypass Bulk management of fixed accounts Self-service password change Collaboration with LDAP server Changing visual effects of the login page Internet access settings Authentication free Inter-site and inter-SSID re-authentication Internet access control Developer mode Domain name whitelist and blacklist Viewing and exporting history of authentication configuration deployment |
|
Facebook authentication |
Captive-bypass Changing visual effect settings of the login page Internet access settings Inter-site and inter-SSID re-authentication Internet access control Developer mode Domain name whitelist and blacklist Viewing and exporting history of authentication configuration deployment |
|
Dumb terminal authentication |
Captive-bypass Management of dumb terminal account groups Internet access control Developer mode Domain name whitelist and blacklist Viewing and exporting history of authentication configuration deployment |
Enable the captive-bypass feature
Typically, the device pushes the authentication page to a client automatically when the client attempts to access a portal authentication network. The captive-bypass feature enables the device to push the portal authentication page to the client only when the user launches a browser.
To enable the captive-bypass feature, you must perform the following steps on the device:
1. Enter system view.
system-view
2. Enter portal Web server view of Web server cloud.
portal web-server cloud
3. Enable the captive-pass feature.
captive-bypass enable
Hide or customize the one-key authentication button
Perform this task to hide the one-key authentication button or change the button style. If the button is hidden, users pass the authentication automatically after the countdown timer on the login page expires.
Restrictions and guidelines
You can change the button style only when the button is not hidden.
Procedure
1. On the top navigation bar, click Network.
2. Select Settings > ACs > Authentication from the navigation pane.
3. Select a branch, a site, and a device from the top of the page.
4.
Click the Draw icon 
for the target authentication template.
5. Click the One-Key tile in the Auth Configuration area, and then hide or customize the button as needed.
Manage fixed accounts
Perform this task to delete, import, or export fixed accounts in bulk.
To manage fixed accounts:
1. On the top navigation bar, click Network.
2. Select Settings > ACs > Users from the navigation pane.
3. Click the Fixed Accounts tab.
4. To delete fixed accounts, select the target fixed accounts and then click Delete.
5. To import fixed accounts, click Import, download the template file and fill in the file as required, and then upload the template file.
6. To export fixed accounts, click Export.
Enable self-service password change
This feature enables users to change passwords at login. With this feature disabled, only the administrators can change the passwords of fixed accounts.
To enable self-service password change:
1. On the top navigation bar, click Network.
2. Select Settings > ACs > Authentication from the navigation pane.
3. Select a branch, a site, and a device from the top of the page.
4.
Click the Draw icon 
for the target authentication template.
5. Click the Account tile in the Auth Configuration area.
6. Enable Change Password.
Enable collaboration with an LDAP server for fixed account verification
Perform this task to enable the cloud platform to report usernames and passwords to the LDAP server for verification when users attempt to access the WLAN by using fixed accounts. This frees network administrators from importing account information from the LDAP server to the cloud platform.
Restrictions and guidelines
To use this feature, make sure the LDAP server has been configured.
Procedure
1. On the top navigation bar, click Network.
2. Select Settings > ACs > Authentication from the navigation pane.
3. Select a branch, a site, and a device from the top of the page.
4.
Click the Draw icon 
for the target authentication template.
5. Click the Account tile in the Auth Configuration area.
6. Enable LDAP and configure LDAP settings as needed.
7. Click LDAP Config Verification to verify the LDAP settings.
Change visual effect settings of the login page
Perform this task to customize the background color, background opacity, and text color on the login page.
Restrictions and guidelines
|
|
CAUTION: Restoring default settings will remove all user-defined visual effect settings and the restore operation is irreversible. Please use this feature with caution. |
Visual effect settings of authentication methods take effect only when multiple authentication methods are enabled.
Procedure
1. On the top navigation bar, click Network.
2. Select Settings > ACs > Authentication from the navigation pane.
3. Select a branch, a site, and a device from the top of the page.
4.
Click the Draw icon 
for the target authentication template.
5. Click to expand the Login Style menu in the Auth Configuration area.
6. Configure the background color, background opacity, and text color as needed.
The adjustment will be displayed in the preview area in real time. To restore the default visual effect settings, click Restore Default.
Configure Internet access settings
Procedure
1. On the top navigation bar, click Network.
2. Select Settings > ACs > Authentication from the navigation pane.
3. Select a branch, a site, and a device from the top of the page.
4.
Click the Draw icon 
for the target authentication template.
5. Click to expand the Advanced Settings menu in the Auth Configuration area.
6. Configure Internet access settings as needed.
Parameters
· Session Timeout: Maximum continuous online duration of a client upon one authentication. A client will be logged off when its continuous online duration exceeds the timeout. The session timeout cannot be larger than the daily online duration.
· Daily Online Duration: Maximum online duration of a client for a day. A client will be logged off when its online duration for a day exceeds the limit. The daily online duration cannot be smaller than the session timeout.
· Minimum Traffic and Idle Timer: Logs off a client if its traffic within an idle timer fails to reach the minimum traffic threshold. Setting the idle timer to 0 disables the idle timer feature.
|
|
NOTE: As a best practice, set the idle timer to a value no larger than half of the clients' IP address lease, enabling entries of offline clients to be deleted in time. |
· Client Rate Limit: Limited rate of uplink and downlink client traffic. This feature is supported in versions higher than 5417P01.
· HTTPS for Landing and Login: Use HTTPS sessions for the Landing and Login page.
· Permit PC: Permit PCs to access the WLAN. Facebook authentication does not support this feature.
Manage dumb terminal account groups
Perform this task to create, delete, or edit dumb terminal account groups and import or export dumb terminal accounts.
If you enable dumb terminal authentication and specify an account group, only dumb terminals in the group can access the WLAN.
To manage dumb terminal account groups:
1. On the top navigation bar, click Service.
2. Select Authentication from the navigation pane Click the Accounts tab.
3. On the Dumb Terminal Accounts tab, configure dumb terminal account groups.
Configure portal automated authentication
This feature allows users that have been authenticated to access the network without re-authentication within the auth-free period. The following modes are available:
· Portal redirection—In this mode, users must run a browser to trigger automatic portal authentication. This mode supports pushing ads to clients.
· MAC-trigger—In this mode, users can access the WLAN without running a browser. This mode does not support pushing ads to clients.
Configure portal redirection authentication
1. On the top navigation bar, click Network.
2. Select Settings > ACs > Authentication from the navigation pane.
3. Select a branch, a site, and a device from the top of the page.
4.
Click the Draw icon 
for the target authentication template.
5. Click to expand the Advanced Settings menu in the Auth Configuration area.
6. Click the Auth-Free tab and configure the Free Auth feature.
Configure MAC-trigger authentication
1. Configure portal redirection authentication. For more information, see "Configure portal redirection authentication."
2. Configure MAC-trigger authentication on the device:
a. Configure the MAC binding server.
|
|
NOTE: Perform this step only in versions earlier than 5405. Version 5405 and later support automatic authentication setting deployment to devices and do not need manual configuration of commands in this step. |
# Create a MAC binding server and enter its view.
<Sysname> system-view
[Sysname] portal mac-trigger-server cloud
# Enable cloud MAC-trigger authentication. Set the maximum number of MAC binding query attempts to 2 and the query interval to 3 seconds.
[Sysname-portal-mac-trigger-server-cloud] cloud-binding enable
[Sysname-portal-mac-trigger-server-cloud] binding-retry 2 interval 3
[Sysname-portal-mac-trigger-server-cloud] quit
b. Apply MAC binding server cloud to service template cloud.
[Sysname] wlan service-template cloud
[Sysname-wlan-st-cloud] portal apply mac-trigger-server cloud
Configure inter-site and inter-SSID re-authentication
This feature allows clients that have been authenticated to roam between wireless services associated with different sites or different SSIDs for the same site without re-authentication. These wireless services must use the same authentication template or have the same SSID.
Restrictions and guidelines
This feature is available only for authentication templates configured in the App Center.
Procedure
1. On the top navigation bar, click Service.
2. Select Authentication from the navigation pane.
3.
Click the Draw icon 
for the target authentication template.
4. Click to expand the Advanced Settings menu in the Auth Configuration area.
5. Click the Auth-Free tab and enable Free Auth.
6. Configure inter-site and inter-SSID re-authentication.
Configure Internet access control
Perform this task to specify the time ranges during which users are allowed to access the WLAN.
Restrictions and guidelines
Internet access control is on a per-hour basis. You can specify a maximum of five time ranges for a day. To specify a time range that ends at 24 o'clock, set the end time to 00. If you set a time range to 00 to 00 for a day, users can access the Internet at any time that day.
Procedure
1. On the top navigation bar, click Network.
2. Select Settings > ACs > Authentication from the navigation pane.
3. Select a branch, a site, and a device from the top of the page.
4.
Click the Draw icon 
for the target authentication template.
5. Click to expand the Advanced Settings menu in the Auth Configuration area.
6. Click the Internet Access Control tab and specify the time ranges.
Configure the developer mode
|
|
CAUTION: Editing the codes of existing functions might disable cloud platform authentication. Please use this feature with caution. |
The developer mode allows users to modify the source codes of an authentication template for customization purposes.
Procedure
1. On the top navigation bar, click Network.
2. Select Settings > ACs > Authentication from the navigation pane.
3. Select a branch, a site, and a device from the top of the page.
4.
Click the Draw icon 
for the target authentication template.
5. Click Developer Mode in the upper right corner.
Configure the domain name whitelist and blacklist
Restrictions and guidelines
This feature takes effect only when wireless authentication is configured.
Procedure
1. On the top navigation bar, click Network.
2. Select Settings > ACs > Authentication from the navigation pane.
3. Click the Domain Name Whitelist or Domain Name Blacklist tab to configure the whitelist or blacklist.
View or export history of authentication template deployment
Perform this task to view the history of all authentication template deployment or deployment in the current day, past 7 days, or past 30 days.
To view or export history of authentication template deployment:
1. On the top navigation bar, click Service.
2. Select Authentication from the navigation pane.
3.
On the Authentication Templates tab,
click the Apply icon 
for the target authentication template.
4. Click the ACs tab to view the deployment history for an AC.
Configure cloud platform authentication with a wireless router as the authenticator
Configure basic settings
Prerequisites
Before configuring cloud platform authentication, complete the following tasks:
· Connect the device to the cloud platform.
· For more information, see cloud platform Deployment Guide.
· Complete the VLAN and DHCP settings.
· Configure wireless services and make sure the APs can come online.
Configure one-key authentication
1. On the top navigation bar, click Network.
2. Select Settings > Routers > Authentication from the navigation pane.
3. Select a branch, a site, and a device from the top of the page.
4. To add an authentication template, click Add on the Wireless Authentication Templates tab.
5.
To edit an authentication template, click
the Edit icon 
for that authentication template.
6.
To bind an authentication template to a
wireless service, click the Edit icon 
for that authentication template, select Yes from the Bind
to Wireless Service field, and then click Apply. If the template has
been bound to wireless service, skip this step.
7.
Click the Draw icon 
for the target authentication template.
8. Click the One-Key tile in the Auth Configuration area, enable one-key authentication, and then configure other settings as needed.
9. Click OK or click Release in the upper right corner of the page.
Figure 78 Configuring one-key authentication
Configure fixed account authentication
Restrictions and guidelines
If you do not configure the validity period or configure it as 0, the account never expires.
If you select Bind MAC Address and do not enter any MAC addresses, clients that use the fixed account are not limited.
If you select Sent by Email, the system sends the account name and password to the specified email address. The number of email addresses cannot exceed 10 and must be separated by commas.
Procedure
1. On the top navigation bar, click Network.
2. Select Settings > Routers > Users from the navigation pane.
3. Click the Fixed Accounts tab.
4. Click Add.
5. Configure fixed account information as required.
Figure 79 Adding a fixed account
6.
To add or edit an authentication template,
select Settings > Routers > Authentication from the
navigation pane and then select a branch, a site, and a device from the top of
the page. To add a template, click Add on the Wireless Authentication
Templates tab. To edit a template, click the Edit icon 
for that authentication template.
7.
To bind an authentication template to a
wireless service, click the Edit icon 
for that authentication template, select Yes from the Bind
to Wireless Service field, and then click Apply. If the template has
been bound to wireless service, skip this step.
8.
Click the Draw icon 
for the target authentication template.
9. Click the Account tile in the Auth Configuration area, enable fixed account authentication, and then configure other settings as needed.
10. Disable other authentication methods.
11. Click OK or click Release in the upper right corner of the page.
Figure 80 Configuring fixed account authentication
Configure dumb terminal authentication
Restrictions and guidelines
If an account group contains accounts that have been authenticated, changing the validity period of the account group will change the validity period of all the accounts in the group.
If you configure the validity period as 0, the account never expires.
You can enter the first three bytes to add MAC addresses in bulk. The validity period configuration for a complete MAC address and that for a three-byte MAC address are not mutually exclusive. Assume that you add MAC addresses that start with AA-BB-CC and specify a 5-day validity period and then add MAC address AA-BB-CC-11-22-33 and specify a 10-day validity period. The validity periods of dumb terminals with a MAC address of AA-BB-CC-11-22-33 and a MAC address that starts with AA-BB-CC are 10 and 5 days, respectively.
Procedure
1. On the top navigation bar, click Service.
2. Select Authentication from the navigation pane, Click the Accounts tab
3. On the Dumb Terminal Accounts tab, click Edit Account Group.
4. Click Add.
5. Enter the required information and then click OK.
Figure 81 Adding an account group
6. Select an account group and then click Add.
7. Enter a MAC address in the required format.
Figure 82 Adding a MAC address
8. Click the Authentication Templates tab.
9.
To add an authentication template, click
Add. To edit an authentication template, click the Edit icon 
for that authentication template.
10.
Click the Draw icon 
for the target authentication template. You are placed on the Login
tab.
11. Click the Dumb Terminal tile in the Auth Configuration area, and then enable dumb terminal authentication.
12. Select an account group.
13. Click OK or click Release in the upper right corner of the page.
Figure 83 Configuring dumb terminal authentication
14. To deploy a template, perform the following steps:
a.
Click the Deploy Template icon 
for that authentication template.
b. Click the Router tab.
c. Select a branch or site.
d. Select a device and then click Apply.
If no devices are displayed, please check the device version.
Figure 84 Deploying a template
e. Select a service template or an SSID, and then click OK.
Figure 85 Selecting a service template
15. Enable MAC-triggered authentication on the device. For more information, see "Configure MAC-trigger authentication."
Configure bulk authentication
Perform this task to deploy authentication settings in bulk.
Restrictions and guidelines
The configuration of a bulk authentication
template takes precedence over that of a non-bulk authentication template. For
the non-bulk authentication template to take effect, click the Edit icon 
for that
authentication template, and then click Apply.
Before deploying the configuration in bulk, make sure the following requirements are met:
· The devices where the bulk authentication is deployed are online. If a device is offline, the deployment fails for the device. The device will load the most recent deployed configurations at start up.
· The wireless service name is the same as the portal Web server.
Procedure
1. On the top navigation bar, click Service.
2. Select Authentication from the navigation pane,
3.
Click the Draw icon 
for the target authentication template. For the detailed
configuration procedures of different authentication methods, see "Configure basic settings."
Figure 86 Configuring bulk authentication
4. To deploy a template, perform the following steps:
a.
Click the Deploy Template icon 
for that authentication template.
b. Click the Router tab.
c. Select a branch or site.
d. Select a device and then click Apply.
If no devices are displayed, please check the device version.
Figure 87 Deploying a template
Customize an authentication page
You can configure the landing page, login page, login success page, and home page and can push or disable the landing page or login success page as needed.
Restrictions and guidelines
The picture size cannot exceed 1 M. As a best practice, set the picture size to be in the range of 100 KB to 200 KB. Only JPG, JPEG, BMP, PNG, GIF, and SVG formats are allowed.
As a best practice to avoid affecting the loading speed of the page, do not add too many controls.
Procedure
1. On the top navigation bar, click Service.
2. Select Authentication from the navigation pane.
3.
On the Authentication Templates tab,
click the Draw icon 
for the target authentication template.
4. Configure the following settings as shown in Figure 88:
¡ Logo—The aspect ratio must be 1:1. The picture will be automatically cut into a circle. You can enter a shop name with a length of less than 12 characters.
¡ Background—The aspect ratio must be 3:5.
¡ Carousel—The aspect ratio must be 11:5. Two or three pictures of the same height are required.
¡ Picture—The aspect ratio must be 11:5. The description for the picture cannot exceed 48 characters.
¡ Video—The video size cannot exceed 5 M. Only MP4, WEBM, and OGG formats are allowed.
¡ Text—You can edit the font, font size, bold type, and font color.
Figure 88 Custom template description
5. To configure the homepage, click the Home tab, and then select Use Custom Link.
6. Enter a custom link and then click Upload.
7. To preview the link, click Preview in the upper right corner of the page.
Figure 89 Previewing the configuration change
8. Click Release in the upper right corner of the page.
The homepage pushed to users during portal authentication will be replaced by the page redirected by this custom link.
Figure 90 Configuring the custom template
Configure advanced settings
The cloud platform provides advanced authentication settings to simplify authentication management, reduce cost, and optimize market promotion. Table 5 describes available advanced features for each authentication method. You can configure these settings as needed.
Table 5 Advanced cloud platform authentication features
|
Authentication method |
Advanced features |
|
One-key authentication |
Captive-bypass Hiding and customizing one-key authentication button Internet access settings Authentication free Inter-site and inter-SSID re-authentication Internet access control Developer mode Domain name whitelist and blacklist Viewing and exporting history of authentication configuration deployment |
|
Fixed-account authentication |
Captive-bypass Bulk management of fixed accounts Self-service password change Collaboration with LDAP server Changing visual effects of the login page Internet access settings Authentication free Inter-site and inter-SSID re-authentication Internet access control Developer mode Domain name whitelist and blacklist Viewing and exporting history of authentication configuration deployment |
|
Dumb terminal authentication |
Captive-bypass Management of dumb terminal account groups Internet access control Developer mode Domain name whitelist and blacklist Viewing and exporting history of authentication configuration deployment |
Enable the captive-bypass feature
Typically, the device pushes the authentication page to a client automatically when the client attempts to access a portal authentication network. The captive-bypass feature enables the device to push the portal authentication page to the client only when the user launches a browser.
To enable the captive-bypass feature, you must perform the following steps on the device:
1. Enter system view.
system-view
2. Enter portal Web server view of Web server cloud.
portal web-server cloud
3. Enable the captive-pass feature.
captive-bypass enable
Hide or customize the one-key authentication button
Perform this task to hide the one-key authentication button or change the button style. If the button is hidden, users pass the authentication automatically after the countdown timer on the login page expires.
Restrictions and guidelines
You can change the button style only when the button is not hidden.
Procedure
1. On the top navigation bar, click Network.
2. Select Settings > Routers > Authentication from the navigation pane.
3. Select a branch, a site, and a device from the top of the page.
4. Click the Wireless Authentication Templates tab.
5.
Click the Draw icon 
for the target authentication template.
6. Click the One-Key tile in the Auth Configuration area, and then hide or customize the button as needed.
Manage fixed accounts
Perform this task to delete, import, or export fixed accounts in bulk.
To manage fixed accounts:
1. On the top navigation bar, click Network.
2. Select Settings > Routers > Users from the navigation pane.
3. Click the Fixed Accounts tab.
4. To delete fixed accounts, select the target fixed accounts and then click Delete.
5. To import fixed accounts, click Import, download the template file and fill in the file as required, and then upload the template file.
6. To export fixed accounts, click Export.
Enable self-service password change
This feature enables users to change passwords at login. With this feature disabled, only the administrators can change the passwords of fixed accounts.
To enable self-service password change:
1. On the top navigation bar, click Network.
2. Select Settings > Routers > Authentication from the navigation pane.
3. Select a branch, a site, and a device from the top of the page.
4. Click the Wireless Authentication Templates tab.
5.
Click the Draw icon 
for the target authentication template.
6. Click the Account tile in the Auth Configuration area.
7. Enable Change Password.
Enable collaboration with an LDAP server for fixed account verification
Perform this task to enable the cloud platform to report usernames and passwords to the LDAP server for verification when users attempt to access the WLAN by using fixed accounts. This frees network administrators from importing account information from the LDAP server to the cloud platform.
Restrictions and guidelines
To use this feature, make sure the LDAP server has been configured.
Procedure
1. On the top navigation bar, click Network.
2. Select Settings > Routers > Authentication from the navigation pane.
3. Select a branch, a site, and a device from the top of the page.
4. Click the Wireless Authentication Templates tab.
5.
Click the Draw icon 
for the target authentication template.
6. Click the Account tile in the Auth Configuration area.
7. Enable LDAP and configure LDAP settings as needed.
8. Click LDAP Config Verification to verify the LDAP settings.
Change visual effect settings of the login page
Perform this task to customize the background color, background opacity, and text color on the login page.
Restrictions and guidelines
|
|
CAUTION: Restoring default settings will remove all user-defined visual effect settings and the restore operation is irreversible. Please use this feature with caution. |
Visual effect settings of authentication methods take effect only when multiple authentication methods are enabled.
Procedure
1. On the top navigation bar, click Network.
2. Select Settings > Routers > Authentication from the navigation pane.
3. Select a branch, a site, and a device from the top of the page.
4. Click the Wireless Authentication Templates tab.
5.
Click the Draw icon 
for the target authentication template.
6. Click to expand the Login Style menu in the Auth Configuration area.
7. Configure the background color, background opacity, and text color as needed.
The adjustment will be displayed in the preview area in real time. To restore the default visual effect settings, click Restore Default.
Configure Internet access settings
Procedure
1. On the top navigation bar, click Network.
2. Select Settings > Routers > Authentication from the navigation pane.
3. Select a branch, a site, and a device from the top of the page.
4. Click the Wireless Authentication Templates tab.
5.
Click the Draw icon 
for the target authentication template.
6. Click to expand the Advanced Settings menu in the Auth Configuration area.
7. Configure Internet access settings as needed.
Parameters
· Session Timeout: Maximum continuous online duration of a client upon one authentication. A client will be logged off when its continuous online duration exceeds the timeout. The session timeout cannot be larger than the daily online duration.
· Daily Online Duration: Maximum online duration of a client for a day. A client will be logged off when its online duration for a day exceeds the limit. The daily online duration cannot be smaller than the session timeout.
· Minimum Traffic and Idle Timer: Logs off a client if its traffic within an idle timer fails to reach the minimum traffic threshold. Setting the idle timer to 0 disables the idle timer feature.
|
|
NOTE: As a best practice, set the idle timer to a value no larger than half of the clients' IP address lease, enabling entries of offline clients to be deleted in time. |
· Client Rate Limit: Limited rate of uplink and downlink client traffic. This feature is supported in versions higher than 5417P01.
· HTTPS for Landing and Login: Use HTTPS sessions for the Landing and Login page.
· Permit PC: Permit PCs to access the WLAN. Facebook authentication does not support this feature.
Manage dumb terminal account groups
Perform this task to create, delete, or edit dumb terminal account groups and import or export dumb terminal accounts.
If you enable dumb terminal authentication and specify an account group, only dumb terminals in the group can access the WLAN.
To manage dumb terminal account groups:
1. On the top navigation bar, click Service.
2. Select Authentication from the navigation pane.
3. Click the Accounts tab.
4. On the Dumb Terminal Accounts tab, configure dumb terminal account groups.
Configure portal automated authentication
This feature allows users that have been authenticated to access the network without re-authentication within the auth-free period. The following modes are available:
· Portal redirection—In this mode, users must run a browser to trigger automatic portal authentication. This mode supports pushing ads to clients.
· MAC-trigger—In this mode, users can access the WLAN without running a browser. This mode does not support pushing ads to clients.
Configure portal redirection authentication
1. On the top navigation bar, click Network.
2. Select Settings > Routers > Authentication from the navigation pane.
3. Select a branch, a site, and a device from the top of the page.
4. Click the Wireless Authentication Templates tab.
5.
Click the Draw icon 
for the target authentication template.
6. Click to expand the Advanced Settings menu in the Auth Configuration area.
7. Click the Auth-Free tab and configure the Free Auth feature.
Configure MAC-trigger authentication
1. Configure portal redirection authentication. For more information, see "Configure portal redirection authentication."
2. Apply MAC binding server cloud to service template cloud.
[Sysname] wlan service-template cloud
[Sysname-wlan-st-cloud] portal apply mac-trigger-server cloud
Configure inter-site and inter-SSID re-authentication
This feature allows clients that have been authenticated to roam between wireless services associated with different sites or different SSIDs for the same site without re-authentication. These wireless services must use the same authentication template or have the same SSID.
Restrictions and guidelines
This feature is available only for authentication templates configured in the App Center.
Procedure
1. On the top navigation bar, click Service.
2. Select Authentication from the navigation pane.
3.
.Click the Draw icon 
for the target authentication template.
4. Click to expand the Advanced Settings menu in the Auth Configuration area.
5. Click the Auth-Free tab and enable Free Auth.
6. Configure inter-site and inter-SSID re-authentication.
Configure Internet access control
Perform this task to specify the time ranges during which users are allowed to access the WLAN.
Restrictions and guidelines
Internet access control is on a per-hour basis. You can specify a maximum of five time ranges for a day. To specify a time range that ends at 24 o'clock, set the end time to 00. If you set a time range to 00 to 00 for a day, users can access the Internet at any time that day.
Procedure
1. On the top navigation bar, click Network.
2. Select Settings > Routers > Authentication from the navigation pane.
3. Select a branch, a site, and a device from the top of the page.
4. Click the Wireless Authentication Templates tab.
5.
Click the Draw icon 
for the target authentication template.
6. Click to expand the Advanced Settings menu in the Auth Configuration area.
7. Click the Internet Access Control tab and specify the time ranges.
Configure the developer mode
|
CAUTION: Editing the codes of existing functions might disable cloud platform authentication. Please use this feature with caution. |
The developer mode allows users to modify the source codes of an authentication template for customization purposes.
Procedure
1. On the top navigation bar, click Network .
2. Select Settings > Routers > Authentication from the navigation pane.
3. Select a branch, a site, and a device from the top of the page.
4. Click the Wireless Authentication Templates tab.
5.
Click the Draw icon 
for the target authentication template.
6. Click Developer Mode in the upper right corner.
Configure the domain name whitelist and blacklist
Restrictions and guidelines
This feature takes effect only when wireless authentication is configured.
Procedure
1. On the top navigation bar, click Network.
2. Select Settings > Routers > Authentication from the navigation pane.
3. Select a branch, a site, and a device from the top of the page.
4. Click the Domain Name Whitelist or Domain Name Blacklist tab to configure the whitelist or blacklist.
View or export history of authentication template deployment
Perform this task to view the history of all authentication template deployment or deployment in the current day, past 7 days, or past 30 days.
To view or export history of authentication template deployment:
1. On the top navigation bar, click Service.
2. Select Authentication from the navigation pane.
3.
On the Authentication Templates tab,
click the Apply icon 
for the target authentication template.
4. Click the ACs tab to view the deployment history for an AC.
Manage cloud platform users
Configure the client blacklist
Perform this task to forbid specific clients to access the WLAN.
Restrictions and guidelines
This feature takes effect only on offline clients. If you add an online client to the blacklist, the client will be rejected at the next access attempt.
Procedure
1. On the top navigation bar, click Network.
2. .Select Settings > Device Category > Users from the navigation pane.
3. Perform either of the following tasks to add users to the blacklist:
¡ On
the Guests tab, click the Add to Blacklist icon 
for the target user.
¡ On the Blacklist tab, click Add.
Log off online users
Perform this task to log off specific online users or all online users.
Restrictions and guidelines
This feature does not take effect on auth-free users.
This feature is available only in scenarios with an AC or wired router as the authenticator.
Procedure
1. On the top navigation bar, click Network.
2. Select Network > Clients > Client Statistics > Guest Details from the navigation pane.
3. Select a branch and a site from the top of the page.
4. On the Online Clients tab, click Authenticated Clients.
5. To log off specific clients, select the clients and then click Log Off Selected Users. To log off all clients, click Log Off All Users.
Configure portal fail-permit
This feature is available only in scenarios with an AC or wireless router as the authenticator.
Portal fail-permit allows users to have network access without portal authentication when the access device detects that the portal authentication server or portal Web server is unreachable.
After portal authentication resumes, unauthenticated users must pass portal authentication to access the network. Users who have passed portal authentication before the fail-permit event can continue accessing the network.
Restrictions and guidelines
For this feature to take effect, make sure you have configured basic settings on the device. For more information, see "Configure settings on the device."
Procedure
1. Enable portal fail-permit.
<Sysname> system-view
[Sysname] wlan service-template cloud
[Sysname-wlan-st-cloud] portal fail-permit web-server
[Sysname-wlan-st-cloud] quit
2. Configure portal Web server detection.
|
|
CAUTION: To avoid portal server flapping, follow the provided order to configure portal Web server detection. |
# Specify the URL and the type for portal Web server detection.
[Sysname] portal web-server cloud
[Sysname-portal-websvr-cloud] server-detect url
http://inccloud.intelbras.com.br:18081/portal/ping detect-type http
# Configure server detection:
¡ Set the detection interval to 600 seconds.
¡ Set the maximum number of consecutive detection failures to 2.
¡ Configure the device to send a log message and a trap massage after server reachability status changes.
[Sysname-portal-websvr-cloud] server-detect interval 10 retry 2 log trap
[Sysname-portal-websvr-cloud] quit
FAQ
I modified and deployed authentication template settings successfully. Why do the previous settings take effect on clients that come online after the deployment?
Verify that the settings are modified and deployed successfully. If the issue persists, clear browser access records and caching on the client.
The Authentication Templates page in the App Center does not display devices available for template deployment. What should I do?
Verify that the device version is as required. If not, upgrade the device to the most recent version.
How can I update my cloud platform to use newly released features?
Feature on the cloud platform are automatically updated and do not require manual operations. For new authentication template features, you might need to reconfigure and then release the template for the new features to take effect.
Why can a client go offline and then come online without being authenticated even if authentication free is not configured?
The system does not remove the client entry from the authenticated client list immediately upon a client disassociation event. The entry will not be removed until the idle timer expires or the administrator logs the client off. An offline client can come online without being authenticated if its entry still exists.
You can view client entries from the cloud platform or by executing the display portal user all command.
Why does the number of authenticated clients exceed the total number of online clients?
This symptom occurs if a client just went offline. The system does not remove the client entry from the authenticated client list immediately upon a client disassociation event. The entry will not be removed until the idle timer expires or the administrator logs the client off manually.
I have configured authentication settings on the device and the cloud platform as required. Client access attempt can trigger portal authentication but cannot open the redirection page. What should I do?
This issue might occur if the network segment of the client's IP address is unknown to the uplink devices and packets cannot be transmitted back. To resolve this issue, configure the nat outbound command on the device's interface that connects the device to the external network, or use IGP to advertise the network segment in the network.
iOS clients cannot trigger authentication even if optimized captive-bypass is enabled. What should I do?
Execute the portal captive-bypass optimize delay seconds command to set the captive-bypass detection timeout. The value range is 6 to 60 seconds and the default value is 6 seconds.
To avoid affecting device performance, do not set the timeout to a large value.