The following Network Deployment, Bandwidth, Proxy, Firewall, and NTP Servers configurations must be verified/configured on your local network before using OmniVista Cirrus.

Network Deployment

Verify the following DHCP deployment requirements are met:

Standard Requirements

  • IP Address - DHCP Server IP address.

  • Option 1 - Subnet Mask.

  • Option 2 - Gateway.

  • Option 6 - Domain Name Servers - Required for FQDN resolution of OmniVista Cirrus connection points.

  • Option 28 - Broadcast Address. This option is only recommended, not required.

  • Option 42 - NTP Server(s) - Required for Certificate validation (start date and duration), and all related encryption functions. This option is not required; however, it is recommended.

ALE Specific Requirements

  • Option 43

    • Sub-Option 1 - Vendor ID. Validate the DHCP response (must be set with the value alenterprise). This sub-option is only required if you specify any of the sub-options listed below.

The following Sub-Options are only required if you are using a Proxy to connect to the Internet.

  • Sub-Option 129 - Proxy URL. It can be either an IP address or a URL (e.g., "IP-address=4.4.4.4", "URL=http://server.name").

  • Sub-Option 130 - Proxy Port.

  • Sub-Option 131 - Proxy User Name. If the customer proxy access requires authentication, both 131 and 132 can be supplied via these sub-options.

  • Sub-Option 132 - Proxy Password.

  • Sub-Option 133 - Network ID.

  • Option 138 - Remove any existing configuration (required for all ALE Devices).

Access Points that are declared for Analytics Only monitoring from OmniVista Cirrus 10.2 are not supported behind a proxy. Make sure a direct connection (without any HTTP proxy configured) exists between Analytics Only Access Points and the internet to allow the Access Points to send QoE and Analytics data.

Bandwidth Requirements

Onboarding
For basic onboarding of devices and connection to the OmniVista Cirrus Server, a minimum of 10 kbps end-to-end network throughput is required between the device and OmniVista Cirrus.

Advanced Management
To enable statistics data transfer, status queries, configuration commands, and other requests/responses between devices and OmniVista Cirrus, a minimum of 64 kbps end-to-end network throughput is required between the device and OmniVista Cirrus. APs must be running the latest AWOS software version.

Proxy Requirements

If a device is accessing the Internet via an HTTP/HTTPs proxy, the proxy server must be specified in DHCP Option 43, Sub-option 129 (Server) and Sub-Option 130 (Port). The server may be specified in 1 of 2 formats: 1) “URL=http://server.domain”, or 2) “IP-address=8.8.8.8”. The port is specified as a number (8080).

Firewall Requirements

The following ports must be configured to allow outbound traffic from your local network:

  • 443 - If you are not using a Proxy to connect to the Internet, your firewall must allow outbound access to this port; if you are using a Proxy, you need to be able to access this port via your local proxy.

  • 80 - Relevant only if you are accessing UPAM Guest/BYOD Captive portal via insecure HTTP.  If you are not using a Proxy to connect to the Internet, your firewall must allow outbound access to this port; if you are using a proxy, you need to be able to access this port via your local proxy.

  • 123 - Relevant if you are using an NTP Server that is outside of your network. You must ensure that your firewall allows outbound access to port 123 UDP. This access cannot be mediated by a proxy, it must be direct (NAT is allowed).

  • 53 - Relevant if you are using a DNS Server that is outside of your network. You must ensure that your firewall allows outbound access to both port 53 TCP and port 53 UDP. This access cannot be mediated by a proxy, it must be direct (NAT is allowed).

For Access Points that will be monitored in Analytics Only mode from OmniVista Cirrus 10.2, open TCP ports 9093, 30123, 30124, and 30125 in your firewall, if necessary.

NTP Server Requirements

An NTP Server(s) is required for Certificate validation (start date and duration), and all related encryption functions. Devices must have access to at least one NTP Server, whether local or external. Note that if a device's System Time is not correct, it may take several attempts to synchronize with the NTP Server before the device connects to the OmniVista Cirrus Server.