Microsoft Lync Certification
Configuration Guide for
WiNG 5.5
December 2013 Revision 1
MOTOROLA, MOTO, MOTOROLA SOLUTIONS and the Stylized M Logo are trademarks or registered trademarks of Motorola Trademark Holdings, LLC and are used under license. All other trademarks are the property of their respective owners.
Table of Contents
Table of Figures
Introduction
Network Topology
Overview of Topology
Configuration
Test Cases
1. Access Point authenticates Lync End Point using WPA2 PSK and 802.1x
2. Balancing Clients across Access Points
2.a Access Point responds with busy signal when it has reached maximum allowable users
2.b WLAN system load balances clients across Access Points
3. Access Point supports WPA2-AES encryption
4. Access Point supports WPA-TKIP encryption
5. Requirement of Priority Tag Mapping to Tunnel Priority
5.a Access Points that tunnel all client traffic to controller map DSCP tags from the wired Lync End Point to DSCP tunnel priority tags
5.b Access Points that tunnel all client traffic to controller map WMM tags to DSCP tunnel priority tags
Table of Figures
Figure 1: Test bed set-up [1]
Figure 2: Configure IP address for NX9510
Figure 3: Configure IP address for AP1
Figure 4: Configuration of DHCP server IP addresses pool
Figure 5: Mapping the DHCP-policy to AP Profile
Figure 6: PSK-WLAN basic configuration
Figure 7 (a): PSK-WLAN security configuration
Figure 7 (b): PSK-WLAN security configuration contd.
Figure 8: dot1x-WLAN basic configuration
Figure 9 (a): dot1x-WLAN security configuration
Figure 9 (b): dot1x-WLAN security configuration contd.
Figure 10: AAA-policy configuration
Figure 11: Mapping the AAA-policy to WLAN
Figure 12: Configuration of maximum users allowed per radio
Figure 13: Configuration of load balancing among APs
Figure 14 (a): Configuration of load balancing among APs
Figure 14 (b): Configuration of load balancing among APs contd.
Figure 15: dot1x-WLAN security configuration
Figure 16: dot1x-WLAN security configuration
Figure 17: Tunneling the client traffic
Introduction
Microsoft is one of the leading vendors in communication. The Microsoft Lync certification mainly focuses on the performance and robustness of the IT infrastructure on which the Microsoft Lync application runs. The Motorola Solutions AP 7131, a dual-radio 802.11n AP, has been deployed for the certification. The access points are managed by a Motorola NX 9510 running the WiNG 5.5-070D build. Motorola Solutions WiNG 5.5 is Lync certified by Microsoft.
Network Topology
A high density design can quickly get complex due to varying factors that need to be addressed. These factors can be summarized in a design methodology shown in the figure below.
Figure 1 – Test bed set-up [1]
Overview of Topology
The above centralized WLAN setup has been implemented for the Microsoft Lync certification test. The controller (NX 9510) and access points (7131) communicate with the Lync Server over a Layer 3 network. The Lync server is the Lync W14 RTM CU4 version with a Front End Server that routes calls between Lync End Points [1]. The certification requires each Access Point to be at least 20 feet from the other Access Points and each of them to talk to the controller over the Layer 2 LAN [1]. Lync End Points 1 and 2 are within 15 feet of Access Point 1 and are associated with Access Point 1. Lync End Points 3 and 4 are within 15 feet of Access Point 2 and are associated with Access Point 2. Lync End Points 5 and 6 are within 15 feet of Access Point 3 and are associated with Access Point 3 [1]. Ixia IxVeriWave is used as the load generator to pump background TCP or UDP traffic in the upstream or downstream direction. Wireshark is used to sniff the packets on the wired and wireless network.
Configuration
As required by the Microsoft Lync certification, the following parameters are configured before testing:
The entire test bed is on a single subnet, 10.1.20.X, with subnet mask 255.255.255.0. The controller and APs are configured with the following IP addresses. All addresses are mapped to VLAN 20.
Controller: 10.1.20.10
AP1: 10.1.20.11
AP2: 10.1.20.12
AP3: 10.1.20.13
The initial configuration of the controller and APs is done from the CLI:
Controller:
To configure the IP address for VLAN 20 of the controller, enter privileged mode in the CLI and, at the device level, configure the IP address for VLAN 20. Commit and save.
Figure 2: Configure IP address for NX9510
Access Point:
The IP addresses of the access points for interface VLAN 20 can be configured in the same manner as on the controller. Figure 3 shows the configuration of the IP address for the AP7131 (AP-1). The IP addresses for AP-2 and AP-3 can be configured in a similar fashion. The access points then adopt to the NX 9510 controller.
Figure 3: Configure IP address for AP1
Once the controller's IP address is set, access point adoption and the remaining controller configuration can be done from the GUI. As required for the certification, two WLANs with two different authentication methods are configured: PSK and 802.1X. The configuration required for these WLANs is discussed in the next section of this document.
To assign IP addresses to the guest users associating with either of the SSIDs, a DHCP server is configured on the controller with an address range of 10.1.20.51 to 10.1.20.250. The DHCP server policy is mapped to the AP profile (a manually created AP profile or the default profile, depending on the AP series).
Open the web browser and navigate to the controller's IP address (https://10.1.20.10). Enter the username and password as set. Go to Configuration-»Services-»DHCP Server Policy-»Add.
Create a new DHCP Server Policy “ixia”. Create a DHCP IP address pool called “lync” and configure the parameters for the pool.
Figure 4: Configuration of DHCP server IP addresses pool
Map the DHCP server policy to the AP profile.
Navigate to Configuration-»Profiles-»default (profile name for AP-7131)-»Edit-»Services:
Figure 5: Mapping the DHCP-policy to AP Profile
Listed below are the test cases and the respective configuration required for Microsoft Lync certification.
Note: Only the test cases that require configuration are listed in this document. The tests that are not listed are supported by WiNG 5.5 by default.
Test Cases:
1. Access Point authenticates Lync End Point using WPA2 PSK and 802.1x
Two WLANs with two authentication methods are configured: PSK and 802.1x. The SSIDs configured for the two WLANs from the GUI are lync-PSK and lync-dot1x respectively. The WLANs are bridged locally.
Open the web browser and navigate to the controller's IP address (10.1.20.10). Go to Configuration-»Wireless-»Wireless LAN-»Add:
Navigate to the Security tab after configuring the PSK WLAN and select PSK as the authentication method:
Figure 7 (a): PSK-WLAN security configuration
Scroll down through the window, select WPA2-CCMP as the encryption type, and click OK, Exit, Commit and Save.
Figure 8 (b): PSK-WLAN security configuration contd.
Open the web browser and navigate to the controller's IP address. Go to Configuration-»Wireless-»Wireless LAN-»Add:
Figure 9: dot1x-WLAN basic configuration
Navigate to the Security tab after configuring the dot1x WLAN and select EAP as the authentication method:
Scroll down through the window, select WPA2-CCMP as the encryption type, and click OK, Exit, Commit and Save.
Figure 11 (b): dot1x-WLAN security configuration contd.
An external RADIUS server is pre-configured by Ixia in its own setup. The 802.1x authentication requests are forwarded to this RADIUS server via the controller by creating an AAA policy and mapping it to the WLAN.
Navigate to Configuration-»Network-»AAA-Policy-»Add:
Navigate to Configuration-»Wireless-»Wireless LAN-»dot1x-»Edit-»Security:
Figure 13: Mapping the AAA-policy to WLAN
2. Balancing Clients across Access Points
2.a Access Point responds with busy signal when it has reached maximum allowable users
This test case requires the access point to respond to a client with a busy signal when it has reached the maximum number of clients it can accept and cannot accept any more associations. The goal is to test this AP feature with a Lync call and measure its impact on the ongoing call.
For this testing, each AP is preconfigured with a client capacity of 100. Hence, when the 101st client sends an association request to any of the APs, the AP checks whether it has reached its maximum client capacity and, if it has, responds with a disassociation message with status code “at capacity”. The WLANs have been mapped to the AP radios. The maximum client capacity can be set per radio in the AP profile as shown below:
Navigate to Configuration-»Profiles-»default-»Radios-»radio2-»Edit:
Figure 14: Configuration of maximum users allowed per radio
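One way to confirm this behaviour in a wireless capture, as an added example that is not part of the original guide: the parser below reads raw 802.11 management frames (radiotap header already stripped, an assumption) and reports those that signal a full AP. Status code 17 and reason code 5 are the IEEE 802.11 values for this condition; the guide does not give the numeric code, and the sample frames and function names are constructed for illustration.

```python
import struct

# Values from IEEE 802.11 (assumed here; the guide only says "at capacity").
STATUS_AP_FULL = 17  # (re)association response status: AP cannot take more STAs
REASON_AP_FULL = 5   # disassociation/deauth reason: AP cannot handle all STAs
SUBTYPES = {1: "assoc-resp", 3: "reassoc-resp", 10: "disassoc", 12: "deauth"}
HDR_LEN = 24         # management header without HT Control

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_mgmt(frame):
    """Decode the status/reason code of an AP-to-client management frame, or None."""
    if len(frame) < HDR_LEN + 2:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, frame[0] >> 4
    if ftype != 0 or subtype not in SUBTYPES:
        return None
    is_resp = subtype in (1, 3)
    # Responses carry capability(2) + status(2) + AID(2); the others a reason(2).
    if is_resp and len(frame) < HDR_LEN + 6:
        return None
    (code,) = struct.unpack_from("<H", frame, HDR_LEN + (2 if is_resp else 0))
    return {"kind": SUBTYPES[subtype], "client": mac_str(frame[4:10]),
            "bssid": mac_str(frame[16:22]), "code": code, "is_resp": is_resp}

def at_capacity_events(frames):
    """List (bssid, client, kind) for every frame that signals a full AP."""
    events = []
    for frame in frames:
        p = parse_mgmt(frame)
        if p and p["code"] == (STATUS_AP_FULL if p["is_resp"] else REASON_AP_FULL):
            events.append((p["bssid"], p["client"], p["kind"]))
    return events

def sample_frame(subtype, client, ap, body):
    # Constructed sample: frame control, duration, DA, SA, BSSID, sequence control.
    return bytes([subtype << 4, 0]) + b"\x00\x00" + client + ap + ap + b"\x00\x00" + body

AP1 = bytes.fromhex("020000000011")  # constructed, locally administered MACs
STA100, STA101 = bytes.fromhex("0200000000c8"), bytes.fromhex("0200000000c9")
SAMPLE_FRAMES = [
    sample_frame(1, STA100, AP1, struct.pack("<HHH", 0x0431, 0, 0xC064)),  # accepted, AID 100
    sample_frame(1, STA101, AP1, struct.pack("<HHH", 0x0431, 17, 0)),      # refused: AP full
    sample_frame(12, STA100, AP1, struct.pack("<H", 3)),                   # unrelated deauth
    sample_frame(8, b"\xff" * 6, AP1, b"\x00" * 12),                       # beacon, ignored
]

if __name__ == "__main__":
    for bssid, client, kind in at_capacity_events(SAMPLE_FRAMES):
        print(f"{bssid} refused {client} ({kind}): at capacity")
```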
2.b WLAN system load balances clients across Access Points
WiNG 5.5 includes multiple features that help achieve better network performance. With the load balancing feature, clients can be load balanced by band (2.4 GHz or 5 GHz), among neighboring APs, or across channels in a band.
With client load balancing among neighboring access points, some other parameters must be configured in addition to the maximum clients allowed per AP radio.
Enable client load balancing on WLAN level. Navigate to Configuration-»Wireless-»Wireless LAN-»PSK-»Edit-»Client Load Balancing tab and enable client load balancing:
Figure 15: Configuration of load balancing among APs'
Configure client load balancing parameters on AP profile level. Navigate to Configuration-»Profiles-»default-»Advanced-»Client Load Balancing tab:
Scrolling down the window:
Figure 14 (b): Configuration of load balancing among APs contd.
Configuring the above parameters ensures that the clients are distributed almost equally among the APs. The client distribution depends on the “Equality margin” that is set. As seen in the above configuration example, the “maximum AP load difference considered equal” is the equality margin. The equality margin represents the difference allowed between APs while clients associate with the AP radios. For instance, if the equality margin is set to 50, then AP1 might have, say, 500 clients associated to its radio and AP2 may have approximately 550 clients. The difference, 550 - 500 = 50, is the equality margin, and as new clients keep associating with either of the access points, this equality margin is maintained. It is advisable to use a high equality margin where a large number of clients are deployed. In the above scenario, the margin is kept at 50 because the clients converge (associate with the APs en masse) faster than with a margin of 5 or so. In conclusion, the equality margin should be set according to the site requirements.
Note: WiNG 5.5 introduces a special “group-id” attribute for load balancing clients. Where one wants to load balance clients among a specific subset of the neighboring APs configured for a WLAN, one can assign the “group-id” attribute at the device level for each of those APs in order to load balance the associating clients. The group-id can also be set at the AP profile level. Currently, with WiNG 5.5, the group-id can be configured from the CLI only.
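A simplified model of the equality margin described above, added here as an illustration and not WiNG's own algorithm or code: the accept rule, the fixed AP preference order and the function names are assumptions. It shows that a small margin evens out the load at the cost of more refused association attempts, while the per-radio cap of 100 still bounds each AP.

```python
def simulate(n_clients, margin, cap=100, aps=("AP1", "AP2", "AP3")):
    """Associate n_clients one by one and return (loads, stats).

    Assumed model: every client tries the APs in the same order, as if all
    clients stood nearest AP1. An AP refuses a client when its radio is full
    or when it already carries `margin` more clients than the least-loaded AP.
    """
    loads = {ap: 0 for ap in aps}
    stats = {"steered": 0, "at_capacity": 0, "unplaced": 0}
    for _ in range(n_clients):
        for ap in aps:
            if loads[ap] >= cap:
                stats["at_capacity"] += 1      # radio full, client must look elsewhere
            elif loads[ap] - min(loads.values()) >= margin:
                stats["steered"] += 1          # refused to keep APs within the margin
            else:
                loads[ap] += 1
                break
        else:
            stats["unplaced"] += 1             # every AP refused: all radios are full
    return loads, stats

def spread(loads):
    """Difference between the most and least loaded AP."""
    return max(loads.values()) - min(loads.values())

if __name__ == "__main__":
    for margin in (50, 5):
        loads, stats = simulate(60, margin)
        print(f"margin={margin:2d} loads={loads} spread={spread(loads)} stats={stats}")
    # 301 clients against three radios capped at 100: one client finds no AP.
    print(simulate(301, 50))
```

With 60 clients, a margin of 50 leaves AP3 empty after only 10 refused attempts, while a margin of 5 spreads the clients 22/21/17 after 55 refused attempts.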
3. Access Point supports WPA2-AES encryption:
Navigate to Configuration-»Wireless-»Wireless LAN-»dot1x-»Edit-»Security and enable WPA2-CCMP:
Figure 18: dot1x-WLAN security configuration
4. Access Point supports WPA-TKIP encryption:
Navigate to Configuration-»Wireless-»Wireless LAN-»dot1x-»Edit-»Security and enable WPA/WPA2-TKIP:
5. Requirement of Priority Tag Mapping to Tunnel Priority
5.a Access Points that tunnel all client traffic to controller map DSCP tags from the wired Lync End Point to DSCP tunnel priority tags
Navigate to Configuration-»Wireless-»Wireless LAN-»PSK-»Edit and set the bridging mode to tunnel:
5.b Access Points that tunnel all client traffic to controller map WMM tags to DSCP tunnel priority tags
Navigate to Configuration-»Wireless-»Wireless LAN-»PSK-»Edit and set the bridging mode to tunnel:
Figure 21: Tunneling the client traffic
References:
1) http://www.ixiacom.com/pdfs/library/quick_ref_sheets/Microsoft-Partner-Wiress-AP-Lync-Qaulification-Testing.pdf, TDS_Wifi-W15 document