Instruction Manual for Alcatel Lucent models including: Stellar WLAN OmniAccess Stellar Range, Stellar WLAN, OmniAccess Stellar Range, Stellar Range, Range
31 mag 2024 — The Quick Start Guide assists you in quickly connecting to and configuring the Stellar AP. ... DPI FTP policy. Create one policy list binding and two policies,.
File Info : application/pdf, 21 Pages, 698.76KB
DocumentDocumentRelease Notes OmniAccess Stellar AP AWOS Release 4.0.8 GA Release These release notes accompany the OmniAccess Stellar Operating System (AWOS) Release 4.0.8 software for the Stellar APs. This document provides important information on individual software and hardware features. Since much of the information in the release notes is not included in the hardware and software user manuals, it is important to read all sections of this document before installing new hardware or loading new software. Release Notes Part Number 033753-10 Rev. A Alcatel-Lucent Enterprise. Copyright © 2024. All rights reserved. May 2024 Table of Contents Related Documentation ......................................................................................................... 3 Hardware Supported ............................................................................................................ 4 Supported Mode .................................................................................................................. 4 New Software Features and Enhancements ................................................................................ 4 Fixed Problem Reports Between Build 4.0.7MR4 and 4.0.8.16 ........................................................ 4 Open/Known Problems .......................................................................................................... 5 Limitations and/or Dependencies............................................................................................. 6 New Software Feature Descriptions.......................................................................................... 9 Technical Support...............................................................................................................21 Page 2 of 21 AWOS Release 4.0.8 GA May 2024 Related Documentation The release notes should be used in conjunction with the associated manuals as listed below. User manuals can be downloaded at: https://myportal.al-enterprise.com/.dfdf. Stellar AP Quick Start Guide The Quick Start Guide assists you in quickly connecting to and configuring the Stellar AP. Stellar AP Installation Guide Provides technical specifications and installation procedures for the Stellar AP. Stellar AP Configuration Guide Includes procedures for managing and configuring all aspects of the Stellar AP using the built-in web interface. Technical Tips, Field Notices, Upgrade Instructions Contracted customers can visit our customer service website at: https://myportal.al-enterprise.com/. Page 3 of 21 AWOS Release 4.0.8 GA May 2024 Hardware Supported · AP1101, AP1201, AP1220 series, AP1230 series, AP1251, AP1251-RW-B, AP1261-RW-B, AP1201H, AP1201L, AP1201HL, AP1320 series, AP1360 series, AP1201BG, AP1301, AP1301H, AP1311, AP1331, AP1351, AP1451, AP1431, AP1411. Supported Mode · The AWOS 4.0.8.16 is ONLY applicable for Express mode and OmniVista Cirrus 10.4.2, can NOT be used for OmniVista 2500 and OmniVista Cirrus 4. New Software Features and Enhancements The following software features are new with this release, subject to the feature exceptions and problem reports described later in these release notes: Feature Platform Support DRM Enhancement (Express & OVNG) All 6GHz Feature Implementations (Express & OVNG) AP1411, AP1431, AP1451 Wi-Fi Enhanced OpenTM (Express & OVNG) All Mesh Enhancement (Express) All ICMP Filtering Policy (OVNG) All Whitelist configuration for social login and external portal All Allow wildcard (Express & OVNG) DFS Radar detection analytics (OVNG) All Voice/Video awareness events/logging (Express & OVNG) Except AP1101, AP1201H, AP1201HL, AP1201L, AP1261-RW-B AP should include PMF capability of clients in user.report (OVNG) Except AP1101, AP1201H, AP1201HL, AP1201L, AP1261-RW-B AP should report PoE and txchain fields in apinfo.report (OVNG) Except AP1101, AP1201H, AP1201HL, AP1201L, AP1261-RW-B Device Troubleshooting Enhancements in AP Dynamic VLAN support (Express) Add current thresholds to apinfo.report AWOS add "hostname" in DHCP request (Express & OVNG) All All Wi-Fi 6/6E products: AP1320 series, AP1360 series, AP1301, AP1301H, AP1311, AP1331, AP1351, AP1451, AP1431, AP1411 Except AP1101, AP1201H, AP1201HL, AP1201L, AP1261-RW-B All No Wired port show when view port of AP1301H/1311 when no Except AP1101, AP1201H, AP1201HL, client is connected (OVNG) AP1201L, AP1261-RW-B Client Isolation functionality should be extended to Wired downlink ports on Access Points (Express) AP1201H, AP1201HL, AP1301H, AP1311 Note: ICMP Filtering Policy (OVNG) is ready on AWOS build, OVNG is going to be supported on OVNG 10.4.4. Fixed Problem Reports Between Build 4.0.7MR4 and 4.0.8.16 PR ALEISSUE-1767 Case number: 00710455 Description Summary: Atrium#00710455 - Stellar AP lost config, rebooting the AP solved the issue. Explanation: It is optimized in some cases AP does not get preconfig from OmniVista Cirrus 10: Page 4 of 21 AWOS Release 4.0.8 GA May 2024 1. In some cases AP is not getting the preconfig. In this case AP will use the config present in its flash if there is one already present. 2. If Administrators execute save to running config on OmniVista Cirrus 10 and AP gets an empty preconfig, AP will not save the empty one. Click for additional information Open/Known Problems The problems listed here include problems known at the time of the product's release. Any problems not discussed in this section should be brought to the attention of the Service and Support organization as soon as possible. Please contact customer support for updates on problem reports (PRs) where no known workaround was available at the time of release. PR Description Workaround WCF WCF feature is not supported when WLAN Client is No workaround. running behind an HTTP Proxy. WCF WCF feature is not supported when WLAN Client is No workaround. using mobile applications, there is no restrictions (packets are not dropped by AP, no redirection to Restricted Web page). Management VLAN When the management VLAN is enabled, setting the static IP may fail. The static IP must be set first, and then enable the management VLAN. DPI [reflexive] configure link tracking. DPI_DROP does After modifying the reflexive, the client not take effect. needs to go online and offline again, which can return to normal. AP stateful IPv6 address The IPv6 address of the dual-stack AP is a stateful address. After configuring the open type of WLAN, to associate the WLAN with the wireless network card of win 7 11n set to single-stack V6, check the network on-off condition of the V6 address. When you manually configure a V6 address of the same network segment on the client as the gateway address, you can communicate with the same network address. DPI FTP policy Create one policy list binding and two policies, results that the user cannot access the FTP. No workaround. WCF WCF does not support L3 roaming scenarios. No workaround. Option82 After enabling option82 feature, in some scenarios, user roaming and reacquiring IP addresses can cause a brief broadcast storm. Will be fixed in future release. AP1411 Radio Configration After switching the radio, the previously unused band is set to a disabled state (Express). Manually enable the band in AP RF. SNMPv3 Some special characters can cause SNMP communication issues. The special characters include the following: $,",() Don't using these special characters. 6G wIPS 6G radio does not support wIPS feature. Will be supported in future release. mDNS AP1411/AP1431 does not support mDNS feature. Will be supported in future release. ALEISSUE-1529 AP1101 rebooted due to kernel panic. Will be fixed on AWOS 5.0.1. DPI DPI memory leak issue. Will be fixed in future release. Mesh 1.If AP working on DFS channel, the client/mesh client can't connect to AP. 1.Change the channel to non-DFS channel. 2.Will be fixed in future release. Page 5 of 21 AWOS Release 4.0.8 GA May 2024 PPSK Force 5G Client Isolate Captive Portal WIPS Dynamic VLAN Enhanced Open WLAN Scope Static WEP Wired Client DSCP 2.Create new WLAN on band different from Mesh, will cause reconnect on mesh network. PPSK feature on the AP applied an error VLAN to client. Enable MAC authentication. Will be fixed on AWOS 4.0.7MR5 The Force 5G feature does not work for certain clients. Will be fixed on AWOS 4.0.7MR5 The client can't access network in Mesh non-root Disable Client Isolate. AP and Client Isolate is enabled on WLAN. Will be fixed on AWOS 4.0.7MR5 The client can access the network without CP authentication in roaming scenarios. Set a default ARP in Authentication Strategy. The module loading configuration is abnormal. Will be fixed on AWOS 4.0.7MR5 1. When dynamic VLAN is assigned for client, ACL and Client isolation for wired user will not take effect. 2. When client roaming with dynamic VLAN, client IP may not be displayed on UI. 3. Kick off iPhone client, and then connect to WLAN with dynamic VLAN, it can't obtain IP address sometimes, it can be recovered by forgetting the network and connect again. No issue on other type of client. Will be supported in future release. Modify Enhanced Open WLAN to Open, Client Disable/Enable WLAN. can't obtain IP address, this issue happens only on Will be fixed in future release. AP1101. Modify existing PSK WLAN Scope type from all to specific AP, client can't connect to this WLAN, the issue only happens on AP1431. Will be fixed on AWOS 5.0.1/AWOS 4.0.7MR5. Wireless client can still connect to WLAN when configured index value different from the WLAN's index. Will be fixed in future release. For devices which supports downlink port, there are issues below: 1. Wired Client will go offline and online when modify Wireless WLAN or Downlink port config. 2. Plug and unplug Wired Client to OAW-AP1301H and move it to other ports of Switches in the same LAN, then plug it back to OAW-AP1301H, will cause FDB learn error in rare cases. Disable and enable the corresponding port can recover. Will be fixed in future release. When configuring tagged VLAN ID on 5G WLAN, DSCP does not take effect. Will be fixed in future release. Limitations and/or Dependencies Feature AP Model Limitations and/or Dependencies WCF All 1. WCF does not support http over proxy scenario. 2. WCF does not support blocking mobile applications access. Client's packets are not restricted (packet not dropped by AP, no redirection to Restricted Web Page) Page 6 of 21 AWOS Release 4.0.8 GA May 2024 HTTPs CP over proxy AP 802.1x client Wired Port DRM IGMP Snooping Mesh DPI Bypass VLAN mDNS Show device name Management VLAN Static IP LACP Link aggregation Link aggregation ALEISSUE-1294 ALEISSUE-1343 11K Client Isolation Express mode WLAN number All All AP1201HL All All Stellar Wi-Fi 6 AP Models All AP1201/ AP1220 series/ AP1251 AP1201H/ AP1201HL AP1201H/ AP1201HL /AP1261RW-B All AP1351/A P1451 All AP1351 All AP1201H( L) Aps without scan radio All All 3. WCF does not support RAP scenario. 4. When using Iphone roaming between Aps, reject page can't be redirected when using Safari, but it works ok for other browser such as Chrome 5. If the mobile device has already cached the DNS for the corresponding URL, the WCF functionality will not take effect. 6. WCF Feature is not supported when WLAN Client enabled secure DNS (DoT or DoH) For iOS does not support to configure URL to bypass the proxy, this function does not work on iOS devices. Wireless clients can't connect to internet on untag VLAN with AOS switch due to AOS switch treat all untag devices as 802.1x client. 1. AP1201HL switches to a Group with downlink configuration, wired client cannot access it. 2. AP1201HL enables trust tag and option 82, wired client may not obtain IP address In some cases, when the channel utilization reaches more than 90%, the channel does not switch automatically, which seriously affects the user experience. For 11AX devices, if there is no multicast querier in the environment, the conversion from multicast to unicast may fail. We recommend that the switch of IGMP Snooping feature be turned on by default. Multicast to unicast is not supported in Mesh mode. When DPI function is enabled, it is recommended to have an initial free memory size of about 30MB after AP booting up for system stable running. If the booting up free memory size is far less than 30MB, suggest removing unnecessary WLAN/VLAN/Policy/DPI rule on AP1201/AP1220/AP1251. If the bypass VLAN function is enabled, setting VLAN id A, and setting the management VLAN to tag VLAN id is also A, which will cause the AP itself to be inaccessible and affect the operation of AP. Therefore, there is a restriction here that the tag for managing VLAN cannot be the same as bypass. AP1201H/1201HL/AP1261-RW-B Downlink Terminal does not support mDNS message forwarding. When some clients connect to wlan, there is no option12 field in the dhcp message, so its hostname cannot be displayed. When configure LACP + Management VLAN + Static IP for AP1351, the network will not be reachable after AP reboot if LACP aggregated link is formed, the workaround of this issue should be disable LACP on switch side. Link aggregation with management VLANs has a certain probability of failure There is very low probability on AP1351 that ethernet PHY fail to receive messages in the scenario of link aggregation. This improvement might cause some lower version of SSH clients cannot connect to Stellar AP running this new build, upgrade SSH client version will avoid this problem. VLAN 4090-4094 is not allowed configured. To make sure 11k function work as expectedwe should configure the AP background scanning on "Working Channel and Non-working Channel". 1. Client A connect to WLAN1 with ARP1, and Client B connect to WLAN2 with ARP2, in this case, If Client A and B needs to communicate to each other, both of the two clients need to be added into whitelist, either one of Clients add into whitelist can't ensure communication between these two clients. 2. In case of Express mode, configure WLAN using internal portal + external MAC authentication, client isolation will not work, suggest using internal or external portal authentication only. Starting with AWOS 4.0.5 in Express mode, we can create 15 user SSIDs on clusters with following models. Page 7 of 21 AWOS Release 4.0.8 GA May 2024 ALEISSUE-1367 RAP wired downlink port Certificate management WPA3+11r Dynamic VLAN Enhanced Open Transition Mode USB flash drive All All Stellar AP with downlink wired port. All All All Stellar Wi-Fi 6 AP Models All OAWAP1301 · AP1301H, AP132x, AP1331, AP136x, AP1351 & AP1451 If a cluster has any of the following models, limit remains at 7 user SSIDs. · AP1311, AP1301, AP12xx and AP1101 OV IP was not supposed to be included in the local breakout IP range. 1. Trust tag VLAN ID should not be same as Mac VLAN ID. 2. After enabled trust tag, should not use VLAN0. 3. Don't support authentication and policy rules. In express mode, the password of the certificate does not support special characters. Some clients do not support WPA3+11r. For Dynamic VLAN is only supported for all Wi-Fi 6 AP models under Express mode, it is not suggested to enable the function when there is Wi-Fi 5 APs in this Cluster. There will be roaming issues when client roams between Wi-Fi 6 and Wi-Fi 5 APs. Mobile devices with Android OS connects to Enhanced Open Transition Mode WLAN, sometimes it connects to Open WLAN and sometimes it connects to OWE WLAN, When the issue happens AP works as expected broadcasting beacons with related Transition mode info IE. It is suggested to upgrade mobile devices to latest software version. Plug in the USB flash drive, and doing factory reset or OS upgrade, AP can't obtain IP address when AP boots up again, power cycle the device will recover. Page 8 of 21 AWOS Release 4.0.8 GA May 2024 New Software Feature Descriptions DRM Enhancement (Express & OVNG) Stellar AP performs DRM at first bootup to select the best channel/power assignment. Subsequently the algorithm is run every 6 hours unless the selected channel is a DFS channel, and radar signal gets detected. Some environments recommend channel reassignments happen only every 24 hours and typically during non-peak hours. Some other environments want to ensure channel transitions occur faster when AP makes decision. As part of RF profile in Background scanning section, we provide option to set: DRM Interval - Provide option in hours. Default value 6Hrs. Min value 0.5Hr - Max value 12. DRM change hour - (default anytime). User has option to select any specific hour of the day between 023 hours. Note: DFS radar detection change will take effect immediately. Go to Express UI Wireless->RF, click DRM Time Control. By default, DRM interval is taken effect, default value is 6Hrs. Page 9 of 21 AWOS Release 4.0.8 GA May 2024 To select any specific hour, you can enable DRM Time Control. 6GHz Feature Implementations (Express & OVNG) In this release, 6G Dedicated scanning and 6G CSA function are supported. For 6G Dedicated scanning, go to AP UI page -> RF Environment (products support 6G), choose 6GHz Band, and click One Time button. Page 10 of 21 AWOS Release 4.0.8 GA May 2024 For 6G CSA function, go to Express UI -> Wireless -> RF, select one AP which supports 6G, and roll down on Edit RF Information page, you can see CSA configurations in "Others" section, default configuration is the same as 2.4G and 5.8G. Page 11 of 21 AWOS Release 4.0.8 GA May 2024 Page 12 of 21 AWOS Release 4.0.8 GA May 2024 Wi-Fi Enhanced OpenTM (Express & OVNG) The enhanced open transition mode enables a seamless transition from open unencrypted WLAN connections without adversely impacting the end user experience. It provides the ability for enhanced open and nonenhanced open clients to connect to the same open system virtual AP. In this mode the AP broadcasts two different types of BSSID. One legacy Open SSID on 2.4/5GHz band, and one Enhanced Open SSID on 2.4/5/6GHz band. To create enhanced open transition mode WLAN, go to Express UI and create new WLAN, select "Enhanced Open" in Key Management. Page 13 of 21 AWOS Release 4.0.8 GA May 2024 Select checkbox "Transition Mode" in Enhanced Open. Page 14 of 21 AWOS Release 4.0.8 GA May 2024 Mesh Enhancement (Express) Mesh Enhancement is supported in OVE & OVC mode in AWOS 4.0.7MR4, and in this release, it is supported in Express mode. The configurable range for different products is as follows: Products Radio 11AC 2.4G/5G 11AX 2.4G/5G 11AX 6G Key Management Both (wpa&wpa2) wpa2-personal Both (wpa&wpa2) wpa2-personal Both (wpa2&wpa3) wpa3-personal wpa3-personal The default configuration for 4.0.7MR3 is as follows: Products Radio 11AC 2.4G/5G 11AX 2.4G/5G 11AX 6G Key Management wpa2-personal Both (wpa2&wpa3) wpa3-personal Page 15 of 21 AWOS Release 4.0.8 GA May 2024 11AC devices Page 16 of 21 AWOS Release 4.0.8 GA May 2024 11AX devices Whitelist Configuration for Social Login and External Portal Allow Wildcard (Express & OVNG) Allow in walled garden configuration wildcard leading domains, AP will snoop all the DNS traffic and dynamically add resolved IP addresses of wildcard matched domain into walled garden IP address list. Go to Express UI -> Access -> Blocklist & Allowlist -> Walled Garden Page 17 of 21 AWOS Release 4.0.8 GA May 2024 Dynamic VLAN Support (Express) Radius Dynamic VLAN assignment. This allows the network to advertise a single SSID, allows specific users to inherit different VLANs based on the user credential. This allows the wireless client to remain on the same VLAN as it moves within a campus network. Note: it is ONLY supported on 11AX products. Go to Express UI -> WLAN -> Create WLAN, select Security Level with Enterprise, and configure Radius Server parameters in the screenshot below, the feature will be taken effect if Radius Server returns desired VLAN to AP. The following RADIUS attributes are supported in Stellar Express mode (RFC-2868): · Tunnel-Type (IEFT #64) = VLAN · Tunnel-Medium-Type (IEFT #65) = 802 (6) · Tunnel-Private-Group-ID (IEFT #81) = [tag, string] Page 18 of 21 AWOS Release 4.0.8 GA May 2024 AWOS Add "hostname" in DHCP Request (Express & OVNG) AWOS AP sends "hostname" in every DHCP request for both IPv4 and IPv6. In DHCPv4, option 12 must be used for hostname. In DHCPv6, option 39 must be used for hostname. It is implemented as below: Use APAABBCC (use last 6 hex of MAC) for DHCP request and keep current hostname in AP's Shell and Management UI. If user modifies its AP name, AWOS will use AP name changed by user. You can change the AP name in Express UI below, in AP configuration page. Page 19 of 21 AWOS Release 4.0.8 GA May 2024 Client Isolation Functionality Should be Extended to Wired Downlink Ports on Access Points (Express) Client isolation is supported for SSID, when enabled all clients on the wireless network across APs can only communicate with the default gateway. We also support along with client isolation, configuring allowlist of MAC addresses that are open to communication. In this release, Client Isolation is also supported on wired downlink port, when enabled on wired downlink port, all clients can only communicate with default gateway and allowed contact list if configured as part of the ARP that gets assigned. To enable the functionality, go to Express UI -> Network -> Wired Network Configuration, toggle the "Client Isolate" switch on. Note: Allowed contacts list can't be configured in Express mode. Page 20 of 21 AWOS Release 4.0.8 GA May 2024 Technical Support Alcatel-Lucent Enterprise technical support is committed to resolving our customer's technical issues in a timely manner. Customers with inquiries should contact us at: Region North America Latin America Europe Union Asia Pacific Phone Number 1-800-995-2696 1-877-919-9526 +800 00200100 (Toll Free) or +1(650)385-2193 +65 6240 8484 Email: ale.welcomecenter@al-enterprise.com Internet: Customers with Alcatel-Lucent service agreements may open cases 24 hours a day via AlcatelLucent's support web page at: https://myportal.al-enterprise.com/. Upon opening a case, customers will receive a case number and may review, update, or escalate support cases on-line. Please specify the severity level of the issue per the definitions below. For fastest resolution, please have telnet or dial-in access, hardware configuration--module type and revision by slot, software revision, and configuration file available for each switch. Severity 1 - Production network is down resulting in critical impact on business--no workaround available. Severity 2 - Segment or Ring is down or intermittent loss of connectivity across network. Severity 3 - Network performance is slow or impaired--no loss of connectivity or data. Severity 4 - Information or assistance on product feature, functionality, configuration, or installation. www.al-enterprise.com The Alcatel-Lucent name and logo are trademarks of Nokia used under license by ALE. To view other trademarks used by affiliated companies of ALE Holding, visit: www.al-enterprise.com/en/legal/trademarks-copyright. All other trademarks are the property of their respective owners. The information presented is subject to change without notice. Neither ALE Holding nor any of its affiliates assumes any responsibility for inaccuracies contained herein. © Copyright 20XX ALE International, ALE USA Inc. All rights reserved in all countries. Page 21 of 21 AWOS Release 4.0.8 GA
Alcatel-Lucent Enterprise | Network, Cloud & Communications solutionsTrademarks Copyright | Alcatel-Lucent Enterprise
myportal.al-enterprise.com/myportal.al-enterprise.com/alebp/s/tkc-redirect?000075431Alcatel-Lucent Enterprise | Network, Cloud & Communications solutionsTrademarks Copyright | Alcatel-Lucent Enterprise