Provisioning Configuration

A Provisioning Configuration contains the necessary settings an Access Point device requires to boot up and get a basic configuration. It is a site-level entity, meaning that two Provisioning Configurations for the same Site cannot have the same name. However, two different Sites can each have a Provisioning Configuration with the same name.

The Provisioning Configuration is applied to Access Points by assigning the configuration to an Access Point (AP) Group. All Access Point members of the AP Group will utilize the associated Provisioning Configuration.

To manage Provisioning Configurations, navigate to the Provisioning Configuration List screen by clicking on Inventory > Provisioning Configuration under the “Configure” section of the OmniVista Cirrus Menu. This screen displays information about existing Provisioning Configurations and is also used to create, edit, and delete a Provisioning Configuration.

Creating a Provisioning Configuration

A Provisioning Configuration must be specified at the time an AP Group is created. There is a pre-configured default configuration (“Default Provisioning Config”) designated for each Site within an Organization. You can select the default configuration or create a new one.

Click on Create Provisioning Configuration to open the Create Provisioning Configuration screen. Complete the fields for each section of the screen as described below. When you are finished, click on Create Provisioning Configuration.

Basic Information

• Name (Required) - Enter a unique name for the Provisioning Configuration (up to 64 characters).

• Site (Required) - Select an existing Organization Site from the drop-down list or click on Create Site button to open the Create Site page and create a new Site (see the Create a Site online help) . The Provisioning Configuration is assigned to the specified Site.

• Auto-Group VLANs - A list of VLAN IDs to allow auto-grouping of APs during initial registration. Separate each VLAN ID entry with a comma (for example, 10, 20, 25-30). Based on the management VLAN ID received by LLDP, the AP can automatically be assigned to the corresponding AP Group.

• Description - Enter an optional description for the Provisioning Configuration.

• RF Profile (Required) - Select an existing RF Profile from the drop-down list or click on Create RF Profile button to open the Create RF Profile screen and create a new profile (see the RF Profiles online help) . The RF Profile contains the wireless attributes that are applied to all APs in the AP Group. When editing an existing Provision Configuration to change the specified RF profile, consider the following:

  • Changing the RF Profile is not allowed for a Provisioning Configuration that is associated with one or more APs when the current RF Profile country code is one of US/JP/ME but the new RF Profile country code does not match the current country code.

  • Changing the RF Profile is not allowed for a Provisioning Configuration that is associated with one or more APs when the country code for the new RF Profile is one of US/JP/ME but the current RF Profile country code does not match the new RF Profile country code.

  • An RF Profile assigned at the device level through the Device Catalog List takes precedence over the RF Profile assigned through the Provisioning Configuration.

• Time

  • Timezone (Required) - The timezone to be set on the APs.

  • NTP Server List - Enter the NTP Server for this Site. This sets the server list for all APs in the Site.

SSH

• SSH Login - Enables/Disables SSH login for APs in the Site. If enabled:

  • For Support Account - The SSH password used for an SSH connection to the AP.

    • Password - Enter a password that will be required to access an AP through SSH.

    • Confirm Password - Confirm the password.

  • For Root Account - Configuring a Root Account Password Seed adds a second layer of security for AP access. When you configure a Password Seed, the Root Password is derived from a character string composed of two parts: the Password Seed and the Fixed Root Password. The Password Seed can be changed on demand. 

    • Password Seed - Enter a Root Account Password Seed for the APs in the Site.

    • Confirm Password Seed - Re-enter the Password Seed.

AP Web

• AP Web - Enables/Disables web management of APs in the Site. If enabled:

  • Password - Enter a password that will be required to access an AP through the Web Management UI.

  • Confirm Password - Re-enter the password.

Client Behavior Tracking

• Upload To SFTP/TFTP Server - Enables/Disables uploading of a Client Behavior Log File to an FTP Server. If enabled, enter:

  • Server Type - FTP Server type (SFTP/TFTP).

  • Sever IP/Host Name - IP address or Host name of the FTP Server.

  • Port - FTP port number.

  • Remote Path - File path on the FTP Server storing the Client Behavior Log.

  • User Name (SFTP Server only) - User name used to access the SFTP Server.

  • Password (SFTP Server only) - Password used to access the SFTP Server.

  • Confirm Password (SFTP Server only) - Re-enter the password used to access the SFTP Server.

  • Log Upload Period - Frequency for uploading the Client Behavior Log to the FTP Server, in hours (Range = 1 - 24, Default = 1).

• Upload to Syslog Server - Enables/Disables uploading of Client Behavior Syslog messages to a remote Syslog Server. If enabled, enter:

  • Syslog Server IP - IP address of the Syslog Server.

  • Syslog Port - Syslog Port number.

Certificate

• Web Server - The Certificate used for communication between the AP Web Server and browser.

• Third Party External Portal Server - The Certificate used to communicate with a third-party portal server.

• Local LDAP - The certificate used for secure communication between the AP and an LDAP Server if the user authentication source is the local LDAP Server.

Redirection Settings

• Port Number on Proxy Server for Redirection - The HTTP proxy port number to use for redirection to UPAM or the CPPM Server.

• Redirect Server FQDN/IP Address - The FQDN/IP address used for redirection of HTTP traffic to UPAM or the CPPM Server. Specify the address that is associated with the dynamic URL returned from UPAM or the CPPM Server.

SNMP Setting

This option allows third-party SNMP-based platforms to monitor APs in a Site using SNMP. OmniVista Cirrus does not use SNMP to manage Stellar APs. With defined SNMP MIBs, an Administrator can monitor APs, configured services, and wireless clients and their traffic utilization.

• SNMP Service - Enables/Disables (On/Off) the SNMP Service on APs in the Site.

  • Version - The SNMP version. Select v3 or v2c. (Default = v3)

    • v3 - When SNMP v3 is selected, complete the following:

      • Username - The user account name.

      • Password - The password for the user account.

      • Confirm - Confirm the specified password.

    • v2c - When SNMP v2c is selected, complete the following field:

      • Read Community - The credential used for communication between the network management system and APs.

• Trap Service - Enables/Disables (On/Off) SNMP Trap Service on APs in the Site.

  • Version - The SNMP version. Select v3 or v2c. (Default = v3)

    • v3 - When SNMP v3 is selected, complete the following fields:

      • Username - The user account name.

      • Password - The password for the user account.

      • Confirm - Confirm the specified password.

      • Server IP - The server to which AP trap messages are sent. This is the IP address of the network management server you are using. It is not recommended that you use the OmniVista Cirrus Server IP address to avoid the posting of duplicate traps in OmniVista.

    • v2c - When SNMP v2c is selected, complete the following fields:

      • Community - The credential used for communication between the network management system and APs.

      • Server IP - The server to which AP trap messages are sent. This is the IP address of the network management server you are using. It is not recommended that you use the OmniVista Server IP address to avoid the posting of duplicate traps in OmniVista.

IoT Radio Configuration

• IoT Radio Mode - Select BLE to configure the IoT Radio Mode. If an AP in the Site supports BLE Beaconing, the BLE configuration (below) will be applied to the AP(s). IoT Radio Configuration is supported on the following APs -OAW-AP1201, OAW-AP1230 (only BLE supported), OAW-AP1201BG, OAW-AP1320, and OAW-AP1360.

BLE Configuration

This option is used to enable/disable BLE Beaconing for APs in the Site. BLE Beaconing is used by the Location Service to deliver location services like way-finding, geo-location, geo-notification, and geo-fencing.

• Advertising - Enables/Disables the BLE advertising function for the AP. If Advertising is enabled, the AP will broadcast BLE packets. If disabled, the AP will detect surrounding BLE Tags/Beacons and will report information to the server for analysis. Note that BLE Advertising must be enabled for Stellar Asset Tracking.

  • Emission Frequency - The time circle during which the BLE packets will be broadcast, in milliseconds. (Range = 20 - 9,000,000, Default = 200)

  • Tx Power - The transmit power used to broadcast BLE packets, in dBm. (Range = -20 - 19, Default = 4)

  • Tx Channel - The transmit channel used to broadcast BLE packets. It is recommended that you use a different channel than the channel used for the WLAN.

  • Advertising Protocol - Specify the BLE protocol used to define the broadcasting BLE beacon format.

    • iBeacon - Apple iBeacon format. Note that you must select iBeacon for Stellar Asset Tracking.

    • Eddystone-URL - Google Eddystone format. A compressed URL that, once parsed and decompressed, is directly usable by the client.

    • Eddystone-UID - Google Eddystone format. A unique static ID with a 10-byte Namespace component and a 6-byte Instance component.

      • Namespace - 20 characters containing 0-9a-f.

• Scanning - Enables/Disables the Bluetooth beacon scanning function for the AP. Note that BLE Scanning must be enabled for Stellar Asset Tracking.

  • Scanning Interval - The Bluetooth scanning interval for the AP, in milliseconds. (Range = 4 -10240, Default = 100)

  • OUI Allow List - Specify the MAC OUI allow list to filter devices for BLE beacon broadcasting. Only those beacons broadcasting from the devices within the OUI Allow List are valid and will be reported.

IoT/Location/Advanced Analytics Server

This option is used to set an IoT/Location/Advanced Analytics Server Profile for APs in the Site. If the location service is enabled, APs in the Site will report IoT/wireless scanning data/advanced analytics data to the selected servers.

• Wi-Fi RTLS Server Profile - Select a Wi-Fi RTLS Server Profile for APs. A default AeroScout Location profile with AeroScout engine type is provided or select a profile with the OmniVista Cirrus WiFi RTLS engine type. To create a new server profile, click Create Wi-Fi RTLS Server Profile to open the Create External Engine screen and add a new profile.

• BLE LBS Profile - Select a BLE Location Based Server Profile. The BLE Location profile is a Stellar Location Engine used for OmniAccess Stellar Asset Tracking. To create a new server profile, click Create BLE LBS Profile to open the Create External Engine screen and add a new profile.

• Advanced Analytics Server Profile - Select an advanced analytics profile with an OmniVista Cirrus Advanced Analytics engine type. A “Default Advanced Analytics” profile with OmniVista Cirrus Advanced Analytics engine type is provided to send advanced analytics data to OmniVista Cirrus R10 and above. To create a new server profile, click Create Advanced Analytics Server Profile to open the Create External Engine screen and add a new profile.

• OmniVista Advanced Analytics - Enables/disables the OmniVista Advanced Analytics functionality.

Data VPN Settings

• Data VPN Server(s) - Select the VPN Server to use for the Data VPN Tunnel. The user traffic will be carried in the data VPN tunnel between the APs and selected VPN Server. To create a new Data VPN Server, click Create Data VPN Setting to open the Create Data VPN Setting screen and add a new VPN Server.

Event Configuration

• Event Configuration Name - Select the event configurations that you want devices to send to OmniVista Cirrus. To create a new event configuration, click Create Event Configuration to open the Create Event Configuration screen and add a new event configuration.

Miscellaneous

• Virtual IP Address - The virtual IP address used for Captive Portal redirection in the AP. You can customize the virtual IP address according to your network deployment to avoid exposing the AP management interface. Be careful not to specify an IP address that is already in use in your network.

• Called Station ID - RADIUS attribute. Define what to pass in Called-Station-ID RADIUS attribute that is exchanged between the NAS client (Access Point) and RADIUS Server. By default, the format of Called Station ID" is: <AP-MAC-ADDRESS>:<SSID>. Example "00-10-A4-23-19-C0:guest". But in some special scenarios, administrators may need to change this default depending on how their RADIUS servers function. Note that, when UPAM is used as the RADIUS server and an Access Policy is configured with "SSID" attribute as the Mapping Condition, UPAM assumes the standard format of <AP-MAC-ADDRESS>:<SSID> to extract "SSID" value from this "Called-Station-ID" attribute . So, whenever this attribute is specified with a different value, UPAM Access Policy might need to be modified accordingly.

• IPv6 L3 Forwarding - Enables/Disables the IPv6 service on APs. Once enabled, IPv6 packets received by APs will be handled at the application level and forwarded on Layer 3. By default, the IPv6 service is disabled.

• IGMP Snooping - Enables/Disables the IGMP Snooping function on the APs.

Syslog

• Log Remote - Enable/Disable remote logging of AP events.

  • Syslog Server IP - The IP address of the remote Syslog Server.

  • Port - The port used to connect to the remote Syslog Server.

• Log Level - Select a log level for events. This sets the log level for all APs in the Site. Note that the AP Debug, System, Security, Wireless, Network, and User log levels must be equal to or higher than the AP Debug log level.

Post Mortem Dump

• PMD - Enables/Disables Post Mortem Dump (PMD) of information for APs in the Site.

• TFTP Server - The IP address of the TFTP Server used for PMD.

Editing a Provisioning Configuration

Select a Provisioning Configuration in the Provisioning Configuration List and click on the Edit icon under the “Actions” column or select Edit from the Actions drop-down menu to bring up the Edit Provisioning Configuration screen. Edit the fields as described above and click on Save.

Deleting a Provisioning Configuration

Select a Provisioning Configuration in the Provisioning Configuration List and click on the Delete icon under the “Actions” column or select Delete from the Actions drop-down menu. The following confirmation prompt appears: