Cisco Compatible Extensions

Transcription

APPLICATION NOTE
Using the Azimuth CCX 4.6 PreCertification Benchmark Test Suite
Azimuth Systems, Inc.
31 Nagog Park
Acton, MA 01720
Tel. 978.263.6610
Fax 978.263.5352
www.azimuthsystems.com
©2007 Azimuth Systems, Inc.
Pub. No. 042507, Rev. v4.6, 4/25/07
Printed in USA
Copyright © 2007 Azimuth Systems, Inc. All rights reserved.
Azimuth, Azimuth DIRECTOR, SpyNIC, ACE, ADEPT, RadioProof and testMAC are trademarks of
Azimuth Systems, Inc. Microsoft and Windows are trademarks of Microsoft Corporation. Adobe, Acrobat,
and Acrobat Reader are trademarks of Adobe Systems Incorporated. All other third-party trademarks and
service marks referred to in these materials are the property of their owners.
No part of this documentation may be reproduced in any form or by any means or used to make any
derivative work (such as translation, transformation, or adaptation) without written permission from
Azimuth Systems, Inc. Azimuth Systems, Inc. provides this documentation “AS IS,” without warranty,
term, or condition of any kind, either implied or expressed, including, but not limited to, the implied
warranties, terms, or conditions of merchantability, satisfactory quality, non-infringement and fitness for a
particular purpose. Azimuth Systems, Inc. reserves the right to make changes to equipment design or
program components described in this documentation, as progress in engineering, manufacturing methods,
or other circumstances may warrant. No responsibility is assumed for the use of Azimuth Systems, Inc.
software or hardware, all rights, obligations and remedies related to which are as set forth in the applicable
sales and license agreements.
Azimuth systems has made every effort to ensure that this script implements the Cisco CCX test plan
correctly. Azimuth makes no claims that the script will ensure your product gets CCX certification when
tested by Cisco or labs authorized by Cisco. We believe that using this script will provide a test result close
to the final test and will increase the chances of passing the official certification considerably.
Azimuth Systems, Inc.
31 Nagog Park
Acton, MA 01720
Tel. 978.263.6610
Fax 978.263.5352
www.azimuthsystems.com
Technical Publications Doc. No. 042507, Rev. v4.6
Published 04/25/07
Printed in United States of America
Using the Azimuth CCX 4.6 Pre-Certification Benchmark Test Suite
Rev. v4.6
i-ii
Table of Contents
Chapter 1
Introduction
Theory of Operation ..............................................................................................................1-2
Required Hardware/Software ................................................................................................1-3
Physically Configuring the Azimuth CCX Benchmark Test ...................................................1-5
Repeating Tests With Two Operating Systems in Parallel ....................................................1-7
Configuring the Station Under Test (STM) ............................................................................1-8
Configuring the Test Bed Client STM ....................................................................................1-8
Using the ASD as the Device Under Test .............................................................................1-9
Running the Azimuth CCX Benchmark Test ....................................................................... 1-11
Selecting Multiple Test Cases for Faster Test Execution ....................................................1-14
Reviewing Test Results .......................................................................................................1-19
Reviewing Benchmark GUI Test Results ............................................................................1-19
Using Azimuth Studio to View, Compare, Import/Export and Authenticate Test Results ....1-21
Appendix A
Additional Configuration and Setup Information ................................................................... A-1
Creating and Implementing the ASD Control Library and ASD Control Manager ................ A-1
Configuring the ASD in the Azimuth Director Device Manager ............................................ A-2
Installing and Configuring the ACS ...................................................................................... A-4
Configuring the AAA Client, AAA Server and ACS User ............................................... A-8
Importing Azimuth Certificates for PEAP/TLS Authentication ..................................... A-13
Configuring the ACS for Network Admission Control (NAC) ....................................... A-20
Configuring the ACS for Automated Control ................................................................ A-47
Upgrading the Cisco AP ..................................................................................................... A-50
Configuring FTP ................................................................................................................. A-51
Configuring TFTP ............................................................................................................... A-53
Configuring the Cisco 4400 Controller ............................................................................... A-54
Configuring WLSE ............................................................................................................. A-57
Connecting the WLSE to the Network ......................................................................... A-58
AP Discovery ............................................................................................................... A-58
Specifying WLCCP Credentials for the WDS .............................................................. A-59
Running the Discovery Wizard to Seed Devices ......................................................... A-59
Viewing Discovery Logs ............................................................................................... A-62
Managing and Unmanaging devices ........................................................................... A-62
Deleting RM Measurements ........................................................................................ A-63
Radio Monitoring ......................................................................................................... A-65
Displaying Faults to Verify Rogue AP Detection .......................................................... A-68
Client Walkabout .......................................................................................................... A-68
Creating a New Client Walkabout ................................................................................ A-68
Running a Client Walkabout ........................................................................................ A-72
Radio Parameter Generation ....................................................................................... A-73
Using the Azimuth CCX Pre-Certification Benchmark Test Suite
Rev. v4.6
i-iii
Configuring Chariot ............................................................................................................ A-77
Setting Up the CCX Noise Tests ........................................................................................ A-77
Installing VNC ................................................................................................................... A-79
Configuring the DHCP Server ............................................................................................ A-85
Appendix B
Automated Station Configuration ............................................................................................ B-1
Appendix C
Configuration of Catalyst 3750G Switch and Cisco 3620 Router for VLAN Tests .............. C-1
Appendix D ......................................................................................................................................
Azimuth CCX Pre-Certification Benchmark Test Parameters ............................................... D-1
Info Tab .......................................................................................................................... D-1
Test-Bed Setup Tab ....................................................................................................... D-2
RADIUS Setup Tab ....................................................................................................... D-6
DUT Setup Tab .............................................................................................................. D-8
Test Selection Setup Tab ............................................................................................. D-11
Options Setup Tab ....................................................................................................... D-13
ASD Tab ...................................................................................................................... D-15
Log Tab ........................................................................................................................ D-20
System Log Tab ........................................................................................................... D-21
Results Tab .................................................................................................................. D-22
Common Tab Parameters ............................................................................................ D-23
i-iv
Rev. v4.6
Chapter 1
Introduction
The Azimuth CCX Pre-Certification Benchmark Test Suite 4.6 automates the testing of 802.11 devices
required by the Cisco Compatible Extensions (CCX) Program (Version 4.5). The specification for each
CCX Program test is detailed in the CCX Test Plan (EDCS-532266 Rev 4.59), which is available from
Cisco Systems.
Note: The Azimuth CCX Pre-Certification Benchmark Test Suite implements all of the
CCX Program tests defined in the CCX Test Plan (Rev. 4.59) except for the following tests
or test steps, which are not supported by the Azimuth test system:
• Test 4.7.5.4 - WLSE Testing: Performance and Stress Test. This test is not supported on
the Azimuth Test System.
• Test 6.5.5 - Call Admission Control (Unidirectional Voice TSPEC). This test is
applicable to CCXv5 clients only. The Azimuth Test Suite tests CCXv4 clients.
• Tests 5.4.x, 5.5.x, 5.6.x - Single Sign-on. These tests are not supported by the Azimuth
test system.
• Tests 5.9.1 and 5.9.2 - Other Testing. These tests are the same as tests 3.2.1.1 and 3.2.2.1
respectively.
• Test 6.2.4.5 - Roaming in from cellular or other WAN. This test is not supported by the
Azimuth test system.
• Tests 6.8.x - Frame Report. These tests are the same as tests 4.7.2.x.
• Tests 6.9.1, 6.9.3, 6.9.5 and 6.9.6 - EAP-FAST Enhancements. These tests are not
supported by the Azimuth test system.
The CCX tests ensure interoperability of wireless devices with Cisco WLAN infrastructure products.
Passing all of the tests in Azimuth Systems’ CCX test ensures you of a better Wi-Fi product and increases
your chances of passing CCX Certification.
The Azimuth CCX Pre-Certification Benchmark is performed using the Azimuth W-Series WLAN Test
Platform along with some specific Cisco-provided products.
This document discusses the theory of operation for the test, defines Azimuth graphical user interface
(GUI) parameters, provides information necessary to set up and run the tests and discusses the script test
results.
Note: All of the tests that comprise the CCX Pre-Certification Benchmark Test Suite are
automated for the test bed client in the test bed. However, some functionality for CCX
benchmark tests listed in “Automated Station Configuration” on page B-1 cannot be
automated for the station under test due to the limitations of various supplicants used to
automate the tests.
Rev. v4.6
1-1
Theory of Operation
Theory of Operation
Azimuth’s CCX Pre-Certification Benchmark Test Suite performs many of the test requirements necessary
for CCX certification of each of your 802.11a, b and g devices to ensure that they properly interoperate
with Cisco Aironet access points (APs), and that the device supports the Cisco Systems features in the
CCX Program. Through the Azimuth GUI interface, individual tests may be selected, or the entire test
suite can be chosen, allowing operator flexibility in design verification and debug use, or for final
regression testing.
Depending on whether the device under test (DUT) is a station or an application specific device (ASD), the
DUT is installed either in an Azimuth Station Test Module (STM), Azimuth Wireless Standalone Client
(WSC), Azimuth RadioProof Enclosure (Model RPE-101/401/421) or other device. The GUI operation
allows for the DUT location. The additional test bed units, Cisco APs and client card, provided separately,
are configured in Azimuth RadioProof Enclosures (Model RPE-102/402s) and an STM. These devices are
configured such that manual reconfiguration during the test is unnecessary.
In addition, equipment to perform the Noise Histogram tests, provided separately, is configured into the
test setup. The script, controlled by the Azimuth DIRECTOR, features a GUI that is used to configure the
test, indicate the required equipment configuration for the test, and report detailed analyses of both the test
and test results. The Test Selection tab lists all of the tests that you can select for a particular type of DUT.
When you select the type of DUT (such as a NIC or an ASD), the script automatically determines the
specific tests to run and only allows you to select from those tests in the Test Selection tab.
Test results indicate whether the devices under test have passed or failed.
1-2
Rev. v4.6
Required Hardware/Software
The major hardware and software requirements for this application include the following:
Azimuth-Provided
■
Azimuth DIRECTOR (release 4.5 or higher)
■
Azimuth CCX Pre-Certification Benchmark Test available on the Azimuth CCX Pre-Certification
Benchmark Test CD
■
Azimuth chassis (801W/800W)
■
Ethereal Protocol Analyzer (version 0.10.9, Azimuth v8 or higher) - this Azimuth-modified
version of Ethereal is only available on the Azimuth CCX Pre-Certification Benchmark Test CD
■
One (1) Azimuth Wireless LAN Analyzer (WLA-202 or WLA-422) module (included WMM
decodes)
■
Two (2) Azimuth RF Port Modules (RFM-102s)
■
Either of the following to house the test bed client:
■
One (1) Azimuth STM and one (1) Azimuth Client Carrier Card
■
One (1) Azimuth WSC and one (1) Azimuth RPE-101/401/421
■
Either of the following to house the DUT (Windows station or ASD):
■
One (1) Azimuth STM and one (1) Azimuth Client Carrier Card
■
One (1) Azimuth WSC and one (1) Azimuth RPE-101/401/421
■
Two (2) Azimuth RPE-102/402s
■
Necessary interface cables:
❏
CCX RF Cable Kit (ACC-258)
Customer-Provided
■
One (1) Cisco CB21 AG Client Adapter (driver version 2.0.0.227 or 2.5.0.22) (test bed client)
■
Three (3) Cisco AIR-AP1231G-A-K9 or similar APs (IOS version 12.3(8) for the Autonomous
test bed. The AP configuration must be reset to factory defaults and configured with static IP
addresses when the CCX tests are either run for the first time or the AP configuration is changed
manually. The Azimuth CCX Benchmark Test Release allows you to run CCX tests using AP IOS
versions 12.3(4), 12.3(7), 12.3(8), or 12.3(11). Azimuth recommends that you use AP IOS version
12.3(8) for all CCX testing.
Note: Use Cisco Access Points with Radio Modules RM21 or RM22 that support AES
encryption on the 802.11a radio interface.
Rev. v4.6
1-3
■
CiscoSecure Access Control Server (ACS) AAA Security Server (or equivalent) (version 4.1(1)
Build 23).
■
Funk Odyssey Client software (version 4.0 if you are using Azimuth DIRECTOR 4.5; version 4.32
if you are using Azimuth DIRECTOR 4.6)
■
Either of the following:
❏
One (1) Noise Generator (see “Setting Up the CCX Noise Tests” (page A-53))
❏
One (1) Agilent 33120A Waveform Generator and One (1) HP 8672A Synthesized Signal
Generator (or equivalent). Equivalent signal generators must meet the following criteria:
•
2-6 GHz frequency range
•
+10 dBm power level
•
45 dB II, III, IV Harmonic Suppression
•
Serial, GPIB or Ethernet interface
•
Synthesized tone signal type
•
M/A COM M8HC-7 RF Double Balanced Mixer
■
Power meter to verify signal generator output level
■
Ethernet 10/100 switch
■
RF combiner (if running with two operating systems in parallel). For information, see “Repeating
Tests With Two Operating Systems in Parallel” on page 1-7.
■
One (1) Cisco AIR-AP1030-A-K9 and two (2) Cisco AIR-AP1242AG-A-K9 for the Unified testbed. The AP configuration must be reset to factory defaults and configured with static IP addresses
when the CCX tests are either run for the first time or the AP configuration is changed manually.
■
One (1) Cisco 4400 Controller for the Unified test-bed, with software version 4.0.206.0. The
Controller must be reset to factory defaults and configured with static IP addresses when the CCX
tests are either run for the first time or the AP configuration is changed manually.
■
Cisco Catalyst 3750G Ethernet Switch.
Note: For an example of a logical configuration for connecting a VLAN capable switch,
please see Appendix C, “VLAN Configuration.”
1-4
■
IXIA IxChariot (version 5.1 or higher)) and Endpoint Software
■
Cisco 1130 Wireless LAN Solution Engine (WLSE) Server (version 2.9 or higher)
■
Cisco Trust Agent Software (Version 2.0.1.14 for Windows XP and Version 2.0.0.30 for other
operating systems)
■
Soft Token Server
■
Certificate Server (optional)
Rev. v4.6
Physically Configuring the Azimuth CCX Benchmark Test
■
Internet Explorer 6.0, Service Pack 1
■
Java Runtime Environment (JRE) (version 1.5 or higher) (download from http://java.com/en/
download/manual.jsp)
■
Internet connection for download of Java JRE
■
Anti Virus Software installed with the latest virus definitions installed
■
Cisco 3620 (or similar) Router
The physical configuration of the Azimuth CCX Benchmark Test is shown in the following tables and
figures. Table 1-2 shows a standard configuration for running the CCX test; a graphical example of the
standard configuration is presented in Figure 1-1.
Table 1-1. Standard Configuration RF Connections a b
STM1 STM2
Noise
AP AP AP Port Port
Generator
1
2
3
1 1 1 2 2 2 1 1 1 2 2 2
1 2 1 2
A B C A B C A B C A B C
RFM-102 1, Port
RFM-102 2, Port
1A
X
1B
RFM102
(1)
Port
x
1C
X
2A
x
2B
x
2C
1A
X
1B
RFM102
(2)
Port
X
1C
2A
2B
X
X
2C
WLA- 1
202
2
Port
X
X
X
Rev. v4.6
1-5
a. The test bed client may be housed in a WSC inside an RPE-101/401/421 instead of STM1. The
DUT may also be housed in a WSC inside an RPE-101/401/421 instead of STM2. The RPE-101/
401/421 housing the test bed client and the DUT must be connected to ports 2B and 1B of the
RFM-102 (1), respectively.
b. The Autonomous Tests use Cisco AP1231 running Cisco IOS software; the Unified Tests use
Light-Weight APs (AP1030 or AP1242). The "AP1" RF connection refers to a pair of APs - one
IOS AP1231 and one AP1030 - whose radios are combined using an RF combiner. Similarly,
"AP2" and "AP3" each refer to a pair of APs - one IOS AP1231 and one AP1242 - whose radios
are combined using RF combiners.
Cisco 3620 Router
Access Points in the
Azimuth RPE-102/402s
AP 1231
WLSE Server
Chariot Server
ACS AAA Server
Soft Token Server
E1
E2
E1
COMM
10/100 ETHERNET
!
E2
COMM
10/100 ETHERNET
WARNING
16V MAX
(POWER OVER ETHERNET PASS THRU)
TAKE CARE TO
CONNECT DC
DEVICES IN
CORRECT POLARITY
Certificate Server
!
WARNING
16V MAX
TAKE CARE TO
CONNECT DC
DEVICES IN
CORRECT POLARITY
AP 1242
Cisco 4400 Controller
AP 1231
AP 1231
Pub-Net
Cisco Catalyst
3750G Switch
E1
E2
E1
COMM
10/100 ETHERNET
!
E2
10/100 ETHERNET
WARNING
TAKE CARE TO
CONNECT DC
DEVICES IN
CORRECT POLARITY
16V MAX
AP 1242
COMM
!
WARNING
TAKE CARE TO
CONNECT DC
DEVICES IN
CORRECT POLARITY
16V MAX
AP 1030
Test-Net
192.168.1.1
GPIB or
Serial
Interface
800W
Azimuth DIRECTOR
Bus-Net
192.168.2.1
1
RFM-102
Link
Link
2
Sync
Act
RFM-102
Link
Link
3
4
STM-412
Sync
Link
Act
Act
Status
Sync
STM
!
Station-1
Station-2
Act
Status
Warning: +5VDC Output
!
6
7
8
WLA-202
Link
Act
Status
Sync
WLA
Probe-1
Probe-2
Act
Status
RF Port 1
CardBus Station-1
RF Port 1
!
CardBus Station-1
Device
Under Test
RF Port 1B
Waveform
Generator
Status
Sync
STM
Station-2
Status
Waveform Generator
Act
Station-1
RF Port 1
RF Port 1A
5
STM-412
Link
RF Port 1C
AiroPeek
TM
Signal Generator
RF Port 2
RF Port 2A
!
RF Port 2B
Signal
Generator
RF Port 2C
!
RF Port 2
!
CardBus Station-2
Test Bed
Client
CardBus Station-2
RF Port 2
AiroPeek
TM
Twisted Pair Ethernet
RF
Gigabit Ethernet
Azimuth Chassis
Figure 1-1. Standard Configuration Connections
1-6
Rev. v4.6
Repeating Tests With Two Operating Systems in Parallel
Repeating Tests With Two Operating Systems in Parallel
The CCX Test Plan requires that Windows stations be tested on both the Windows XP and the Windows
2000 operating systems. To support concurrent testing on these operating systems, the Azimuth CCX PreCertification Benchmark Test allows you to select two Windows Stations as the devices under test (DUTs).
Each test case is first run with the primary DUT. If a secondary DUT is selected, the test case is repeated
using the secondary DUT. The two DUTs must be connected using a 2-to-1 RF combiner to Port 1B of the
RFM-102 (Figure 1-2).
When the test is repeated with the secondary DUT, the APs are configured incrementally (as described in
“Selecting Multiple Test Cases for Faster Test Execution” (page 1-14)). This reduces the total time for
executing the test cases.
The Results tab (see Figure D-12) groups the test results by the MAC address of the DUT.
Twisted Pair Ethernet
RF
Gigabit Ethernet
Cisco 3620 Router
Access Points in the
Azimuth RPE-102/402s
WLSE Server
Chariot Server
AP 1231
ACS AAA Server
Soft Token Server
E1
E2
E1
COMM
10/100 ETHERNET
!
E2
COMM
10/100 ETHERNET
WARNING
16V MAX
TAKE CARE TO
CONNECT DC
DEVICES IN
CORRECT POLARITY
!
WARNING
16V MAX
Certificate Server
TAKE CARE TO
CONNECT DC
DEVICES IN
CORRECT POLARITY
AP 1242
Cisco 4400 Controller
AP 1231
AP 1231
Pub-Net
Cisco Catalyst
3750G Switch
E1
E2
E1
COMM
10/100 ETHERNET
!
E2
10/100 ETHERNET
WARNING
16V MAX
TAKE CARE TO
CONNECT DC
DEVICES IN
CORRECT POLARITY
AP 1242
COMM
!
WARNING
16V MAX
TAKE CARE TO
CONNECT DC
DEVICES IN
CORRECT POLARITY
AP 1030
Test-Net
192.168.1.1
GPIB or
Serial
Interface
800W
Bus-Net
192.168.2.1
Azimuth DIRECTOR
1
RFM-102
Link
2
Sync
RFM-102
Link
3
4
STM-412
Sync
Link
Act
Status
Sync
STM
5
Link
Act
Link
Status
7
8
Status
Sync
WLA
Probe-2
Act
Status
RF Port 1
!
Waveform Generator
Act
Probe-1
Station-2
Act
RF Port 1A
6
WLA-202
Link
Station-1
RF Port 1
!
!
CardBus Station-1
RF Port 1B
Waveform Generator
RF Port 1C
Signal Generator
AiroPeek
TM
RF Port 2
RF Port 2A
!
RF Port 2
Signal Generator
RF Port 2C
Test Bed
Client
CardBus Station-2
RF Port 2B
AiroPeek
TM
RF1
RF2
RF3
RF4
RF5
RF
Combiner
RF6
RadioProof
RF7
RF8
TM
Enclosure
WSC Housing Primary Station
RF
Combiner
RF1
RF2
RF3
RF4
RF5
RF6
RF7
RF8
RF
Combiner
RadioProof
TM
Enclosure
Azimuth Chassis
WSC Housing Secondary Station
Figure 1-2. Physical Configuration Running Tests with Two Operating Systems in Parallel
Rev. v4.6
1-7
Configuring the Station Under Test (STM)
Configuring the Station Under Test (STM)
Perform the following procedure to configure the station under test STM. A similar procedure may be used
to configure a WSC that contains the station under test.
1.
Install the station under test client card in the STM chamber.
2.
Ghost the STM OS factory image. For instructions, see “Using Symantec Ghost to Restore and
Back Up WSC OS Images” in the Azimuth Wireless LAN Test System Operations Guide and
Azimuth DIRECTOR User Guide.
3.
Install the client card driver.
4.
Install the client card configuration utility if you wish to use it to configure the client card.
5.
Install Chariot endpoint software and configure Layer 2 Priority Values and Registry settings as
described in the CCX Test Plan (Cisco document number EDCS-230632, section 14.4.2.1, Setting
Up the Chariot Endpoints).
6.
Set up client and root certificate authority (CA) certificates on the STM according to instructions
presented in “Configuring PEAP and EAP-TLS” (page A-24).
Note: After setting up the STM with all required hardware and software drivers, back up
the STM OS image using Symantec Ghost. For more information, refer to your Azimuth
DIRECTOR release notes.
7.
Install the Cisco Trust Agent (Version 2.0.1.14 for Windows XP and Version 2.0.0.30 for other
operating systems). The Cisco Trust Agent installation package can be obtained from Cisco
Systems. Select the “Complete” Installation Type to ensure that the CTA Scripting Interface is also
installed.
Configuring the Test Bed Client STM
Perform the following procedure to configure the test bed client STM. A similar procedure may be used to
configure a WSC that contains the test bed client.
1-8
1.
Install the test bed client card in the STM chamber.
2.
Ghost the STM OS factory image. For instructions, see “Backing Up STM Images” (page 6-18) in
the Azimuth Wireless LAN Test System Operations Guide and Azimuth DIRECTOR User Guide.
3.
Install the client card driver (version 2.0.0.227 or version 2.5.0.22).
4.
Install VNC onto the STM. For instructions, see “Installing VNC” (page A-55). Then install Funk
Odyssey onto the STM. See Funk user documentation for specific installation instructions.
Rev. v4.6
Using the ASD as the Device Under Test
5.
Install WinPcap 3.1 and Ethereal 0.10.9.Azimuth.v8 onto the STM. WinPcap can be downloaded
from http://www.winpcap.org/install/default.htm. Ethereal 0.10.9.Azimuth.v8 can be found on the
Azimuth DIRECTOR installation CD.
Note: When installing or using the Funk Odyssey Client, Azimuth Systems recommends
that you use VNC to access the STM from the Azimuth DIRECTOR. If you use the
Microsoft Remote Desktop Connection to access the STM from the Azimuth DIRECTOR,
you will need to reboot the STM before you can use VNC to access the STM.
Note: After setting up the STM with all required hardware and software drivers, back up
the STM OS Image using Symantec Ghost. For more information, refer to your Azimuth
DIRECTOR release notes.
To use an application specific device (ASD) as the device under test (DUT), you must perform the
following procedure prior to running the tests.
1.
Configure the ASD in the Device Manager in the Azimuth DIRECTOR. For more information, see
“Configuring the ASD in the Azimuth Director Device Manager” (page A-4).
2.
Optionally, create and implement either a control library or a control manager using the Tcl
programming language to configure the ASD. For more information, see “Creating and
Implementing the ASD Control Library and ASD Control Manager” (page A-2).
Note: Azimuth provides a default ASD control library to configure the ASD. This default
library prompts the user to configure the ASD manually or to provide information required
for the CCX tests. During certain tests, the Azimuth CCX ASD control library will prompt
you to perform certain actions. For example, when you start an FTP file transfer from the
ASD, it is necessary for you to select [ OK ] as soon as possible after you start the FTP file
transfer or perform the action described by the user prompt so that the resulting action (e.g.,
the FTP file transfer) does not complete before the test continues.
Rev. v4.6
1-9
Note: Regarding Data Connectivity Testing Using FTP: The Azimuth CCX Benchmark
Test uses a 10MB file to test file transfer between the ASD and the Azimuth DIRECTOR.
The ASD Under Test may support FTP but may not have sufficient space to store a 10MB
file. In that case, replace the file ccx-ftp-small.dat located in \data\tests\ccx\tftpboot with a
file of the appropriate size. If the ASD Under Test does not support FTP, then configure the
test (see Appendix D, “ASD Tab”) to skip the FTP portion of the data connectivity test. The
test script will prompt you to transfer a large amount of data from the ASD to the Azimuth
DIRECTOR using a method supported by the ASD.
Note: Regarding Data Connectivity Testing Using Multicast: By default, the Azimuth
CCX Benchmark Test uses the mcast tool to generate multicast traffic from the Azimuth
DIRECTOR, and prompts the user to use a multicast tool supported by the ASD to receive
the multicast traffic on the ASD. mcast generates multicast traffic that has the IP Protocol
field set to 0xFF, and some multicast tools may not be able to receive this multicast traffic.
Hence, the test GUI allows the user to choose the tool used to generate multicast traffic from
the Azimuth DIRECTOR (see Appendix D, “ASD Tab). Use the iperf option to generate
UDP multicast traffic on the default iperf port (5001). Use the Prompt the user option to use
a tool of your choice to generate multicast traffic with specified parameters. If the ASD
Under Test does not support multicast traffic, then configure the test (see Appendix D,
“ASD Tab) to skip the multicast portion of the data connectivity test.
Note: Regarding WMM Functionality Testing: The WMM Functionality tests generate
three traffic streams from the client, of which one stream has Prioritized traffic and the other
two have Best Effort traffic. The tests verify that under high load conditions, the throughput
of the Prioritized traffic stream does not drop below an acceptable threshold. The Azimuth
CCX Benchmark Test uses Chariot to generate traffic and measure the throughput of
prioritized and non-prioritized traffic in the WMM Functionality Tests. The test runs the
High_Performance_Throughput Chariot script to determine the maximum throughput
supported by the ASD, and then calculates the data rates for the three traffic streams that are
generated as specified in the CCX Test Plan. For example, if the maximum throughput
supported by the ASD is 20Mbps, then the test generates the three traffic streams with data
rates of 14Mbps, 10Mbps and 10Mbps respectively. If the maximum supported throughput
is lower, the data rates are reduced proportionately.
1-10
Rev. v4.6
Running the Azimuth CCX Benchmark Test
This section describes the hardware and software requirements and prerequisites for running the Azimuth
CCX Pre-Certification Benchmark Test. A procedure following that information describes how to run the
test.
HARDWARE AND SOFTWARE REQUIREMENTS AND PREREQUISITES:
■
The required hardware and software required for this test is listed in “Required Hardware/
Software” (page 1-2).
■
Install the Azimuth CCX Pre-Certification Benchmark Test on the Azimuth DIRECTOR PC.
Note: For information on installing the Azimuth CCX Pre-Certification Benchmark Test,
please see the Azimuth Benchmark and Tcl Libraries Installation Guide available on the
document CD and on the Benchmark Software CD.
■
■
Perform the following procedures:
❏
“Configuring the Station Under Test STM” (page 1-7)
❏
“Configuring the Test Bed Client STM” (page 1-8)
Perform the following DIRECTOR-related procedures:
❏
“Installing and Configuring the ACS” (page A-7)
❏
“Configuring the AAA Client, AAA Server and ACS User” (page A-11)
❏
“Configuring WLSE” (page A-33)
❏
“Configuring Chariot” (page A-52)
❏
“Setting Up the CCX Noise Tests” (page A-53)
❏
Enable TFTP on the Azimuth DIRECTOR Test-Net interface as described in “Configuring
TFTP” (page A-28).
❏
Enable FTP on the Azimuth DIRECTOR Test-Net as described in “Configuring FTP” (page
A-27).
❏
Enable Routing and Remote Access on the Azimuth DIRECTOR Test-Net interface as
described in “Configuring Routing and Remote Access” (page A-30).
To Set Up and Run the CCX Pre-Certification Benchmark Test:
1.
Select Tools > Connected Devices in the Azimuth DIRECTOR main menu to open the Connected
Devices menu.
2.
Select [ New ]. The New Device dialog box opens (Figure 1-2).
Rev. v4.6
1-11
Figure 1-3. New Devices Dialog Box
1-12
3.
Select the Access Point option from the Device Type pull-down menu. You are now ready to add
the first AP in the CCX Pre-Certification Benchmark Test Suite to the Azimuth DIRECTOR.
4.
Enter the appropriate information in the other fields in the New Devices dialog box that pertain to
the AP. Make sure that you also select where the AP is connected, such as the RFM and RFM port,
and indicate if there are any additional RF losses. When you are done, select [ OK ].
Rev. v4.6
5.
Repeat steps 2 through 4 for each of the three Autonomous and the three Unified (Light-Weight)
APs that you must enter into the Azimuth DIRECTOR configuration. For the Unified APs, enter
the IP address of the Cisco 4400 Controller, not the IP address of the AP, and enter the AP Ethernet
MAC Address or the AP Radio Base Address in the BSSID field. When you have finished entering
the last AP, the Connected Devices dialog box appears similar to the one shown in Figure 1-3. That
box shows the AP names, connections, addresses and vendor name for the device.
Figure 1-4. Connected Devices Dialog Box
6.
Select [ OK ] to close the Connected Devices dialog box.
7.
Double-click the CCX Certification logo in the Benchmark Tests area of the Azimuth DIRECTOR
Test Manager to open the CCX Pre-Certification Benchmark Test Suite (see Figure 1-4).
Figure 1-5. CCX Pre-Certification Benchmark Test Certification Logo
8.
Complete information in the Info tab as desired.
9.
Select the Setup tab.
10. Select the tabs within the Setup tab and configure the tests accordingly.
11. To set up the Noise Generator, use the Setup - 802.11/Noise subtab.
12. Select [ Go ]. The CCX Pre-Certification Benchmark Test runs.
13. Check the Log tab. The test output appearing in the Log tab of the dialog box will look similar to
that shown in Figure 1-11. Analyze your test output to determine if the desired quality has been
achieved.
Rev. v4.6
1-13
Selecting Multiple Test Cases for Faster Test Execution
Each test in the Azimuth CCX Pre-Certification Benchmark Test (releases 3.1 and earlier) begins with the
following steps:
■
Initialize the configuration of each of the three APs used in the test; this takes 30-35 seconds.
■
Configure each AP according to the test requirements. This time varies; for example, the WLCCP
registration required for CCKM key management takes 40 to 50 seconds.
Many CCX tests use the same or similar AP configuration. In Azimuth CCX Pre-Certification Benchmark
Tests (release 3.2 or higher), these similar tests are grouped as listed in Table 1-2 and Table 1-3. When you
select multiple test cases to run, tests in a group are run together. The APs are configured completely at the
start of each test for the first test in the group, and the AP configuration is incrementally changed for the
remaining tests in the group. This will cause a longer test run time and may cause some of the APs to
become unstable. Minimizing AP configuration changes reduces the total time for executing the test cases.
Each test group has a Common AP configuration, e.g., EAP authentication with WEP128 encryption. Each
test case in the group has one or more test-specific AP configuration steps, e.g., the setting of the
fragmentation threshold to 500 bytes. The test-specific configuration is undone or reset when the test case
is completed.
When running several iterations of the same test case, the APs are configured from the beginning for the
first iteration, and incrementally for subsequent iterations.
To override this optimization in the AP configuration, enable the “Reset AP Configuration at the start of
each test case” (page D-15) checkbox. If this checkbox is enabled the APs are configured from scratch for
every test.
Table 1-2. Autonomous Tests Using the Same or Similar AP Configuration
Test Group
Test Number
EAP Authentication
3.2.2.1
3.2.3.1
4.6.1
4.6.2
5.3.8
LEAP Authentication
1-14
4.4.2
Rev. v4.6
Test Group
Test Number
Open Authentication with Null Encryption
4.3.1
4.3.2
4.3.3
4.3.4
4.3.5
4.4.1
4.8.1
6.2.1.1
6.2.1.2
6.2.2.1
6.2.2.2
6.2.2.3
6.2.2.4
6.2.3.1
6.2.4.1
6.2.4.2
6.2.4.3
6.2.4.4
6.2.4.6
6.2.4.7
AP-Assisted Roaming
4.4.3
CCKM Authentication
4.5.1
5.3.3
6.1.1
6.1.2
6.1.3
6.1.4
6.1.5
6.1.6
6.1.7
6.1.8
Rev. v4.6
1-15
Test Group
Test Number
Radio Measurement
4.7.1.1
4.7.1.2
4.7.1.3
4.7.1.4
4.7.2.1
4.7.2.2
4.7.3.1
4.7.4.1
4.7.5.1
4.7.5.2
4.7.5.3
EAP-FAST Functionality
5.1.3
5.1.11
5.1.12
5.1.13
5.3.2
EAP FAST with WPA
5.1.6
5.1.7
5.1.8
5.3.7
EAP FAST with Multiple VLANs
5.1.10
EAP-Fast with CCKM and WPA
5.2.4
WMM with Open Authentication
5.3.1
WMM with EAP-FAST Authentication
5.3.6
WPA2 Functionality
5.7.1
5.7.2
5.7.3
5.8.1
5.8.2
5.8.3
1-16
Rev. v4.6
Test Group
Test Number
6.11.1
6.11.2
6.12.1
6.13.1
Network Admission Control
6.3.1
6.3.2
6.3.3
6.3.4
6.3.5
SSIDL
6.4.2
6.4.3
Call Admission Control
6.5.1
6.5.2
6.5.3
6.5.4
UAPSD
6.6.1
6.6.2
Traffic Stream Metrics
6.7.1
EAP-FAST Enhancements
6.9.2
MBSSID
6.10.1
6.10.2
6.10.3
6.10.4
6.10.5
Rev. v4.6
1-17
Table 1-3. Unified Tests Using the Same (or Similar) AP Configuration
Test Group
Test Number
EAP Authentication
3.2.5.1
3.2.6.1
4.6.3
4.6.4
5.3.16
4.3.6
4.3.7
4.3.8
4.3.9
4.3.10
4.4.2
4.8.2
5.3.9
EAP FAST Functionality
5.1.14
5.1.16
5.1.17
5.1.24
5.1.25
5.1.26
EAP-FAST with Multiple VLANs
5.1.23
EAP-FAST Authentication with CCKM
5.2.10
5.2.11
WMM with EAP-FAST
5.3.12
5.3.15
WPA2 Functionality
5.7.4
5.7.5
5.7.6
5.8.4
5.8.5
5.8.6
1-18
Rev. v4.6
Reviewing Test Results
Table 1-3. Unified Tests Using the Same (or Similar) AP Configuration (Continued)
Test Group
Test Number
6.12.2
6.13.2
MBSSID
6.10.6
Reviewing Test Results
You can view the test results in two ways:
■
Benchmark GUI — to see test results in the CCX Pre-Certification Benchmark Test GUI, please
see “Reviewing Benchmark GUI Test Results” (page 1-19).
■
Azimuth Studio — you can also view, export, authenticate and compare CCX test results in
Azimuth Studio. For specific information on viewing these results, please see “Using Azimuth
Studio to View, Compare, Import/Export and Authenticate Test Results” (page 1-21).
Reviewing Benchmark GUI Test Results
The optimal results of the CCX Pre-Certification Benchmark Test will be to achieve a Pass grade for all
tests.
The results of all CCX Pre-Certification Benchmark Test results are saved in the Azimuth PC directory
\data\tests\runDB\CCX. The results are sorted by date and time.
An example of the output of the Log tab is presented in Figure 1-5 and Figure 1-6. The various sections of
the output in the Log tab include the following:
■
Information - displays the information entered in the Info tab
■
Purpose - displays the stated purpose of the test being performed
■
Test Setup - displays operations performed by the test to set up the client for the test
■
AP Configuration - displays operations performed by the test to set up the AP for the test
■
Test Details - provides information related to other operations being performed (such as
configuring the RADIUS server)
■
Pass/Fail/Error Notification - states whether the selected test has passed, failed or if an error has
prevented it from finishing
■
Test Complete - notes when the test is finished
Rev. v4.6
1-19
Reviewing Benchmark GUI Test Results
Information
Purpose
Test Setup
Figure 1-6. Log Tab Output Example (1 of 2)
AP Configuration
Test Details
Pass/Fail/Error Notification
Test Complete
Figure 1-7. Log Tab Output Example (2 of 2)
1-20
Rev. v4.6
Using Azimuth Studio to View, Compare, Import/Export and Authenticate Test
Using Azimuth Studio to View, Compare, Import/Export
and Authenticate Test Results
If you have installed a licensed version of Azimuth Studio, you can open Azimuth Studio to view and
compare test results from different runs of the CCX Pre-Certification Benchmark Test. You can also export
a test run and then import it into another Azimuth Studio server, where it can be authenticated. The test run
is authenticated by inserting a digital signature into the output that can be verified by any Azimuth Studio
product.
To View, Compare, Export/Import and Authenticate Test Results in Azimuth Studio:
1.
Open Azimuth DIRECTOR and select the database icon on the main toolbar. The Internet Explorer
browser opens and the Azimuth Studio login page appears.
2.
Enter your user name and password in the appropriate fields and select [ OK ]. The Quick Search
window appears.
3.
Select the CCX Unified Tests option in the TEST field.
4.
Select the date range in which the tests were run in the FROM and TO fields. The results for each
test run of the CCX Pre-Certification Benchmark Test appears in the GUI under the Test
Description field (Figure 1-8).
Figure 1-8. Example Studio Quick Search Window Showing Test Results
Rev. v4.6
1-21
5.
Select the magnifying glass icon in the seconds column adjacent to the test name to view test
results from the list. The test report appears as shown in Figure 1-9.
All of the same information that is available in separate tabs (like the Log and System Log tabs) of
the benchmark GUI is presented in the Azimuth Studio report. In the example in Figure 1-9, note
that in the lower portion of the report that there are expandable fields with plus (+) signs adjacent
to them. When you select these plus signs with your cursor to expand them, the full content of the
field appears as shown in Figure 1-10.
1-22
Rev. v4.6
6.
To compare two test runs, display the list of test results as explained in step 4. Then select the
comparison icon adjacent to two of the appropriate reports in the Compare column. Each time you
select the comparison icon, a message appears with wording similar to the following: Adding Test
Run 106 to the comparison page. Select [ OK ] to close each message box.
7.
Select the Compare Test Runs option. The selected tests to compare display (Figure 1-11).
Figure 1-11. Compare Test Runs
8.
Select [ Compare Test ]. The two tests appear side-by-side in the comparison report. A portion of a
comparison report is shown in Figure 1-12.
Rev. v4.6
1-23
Figure 1-12. Example of a Comparison Report
9.
Select Quick Search, and then select the magnifying glass icon adjacent to the test run that you
want to export (Figure 1-13). The test run you wish to export appears. Note that the example of the
test run in Figure 1-13 shows an open lock icon; this indicates that the test run is not authenticated.
Export Test Run
File Not Authenticated
Figure 1-13. Exporting the Test Run
10. Select the Export Test Run icon (Figure 1-13). A message appears to indicate the progress of the
export process. Then a message appears similar to that shown in Figure 1-14 to indicate the
success of the exportation process.
1-24
Rev. v4.6
Figure 1-14. Exportation Procedure Progress Message
11. Download the exported file by selecting [ Download ] (see Figure 1-14). A prompt appears asking
whether to save or open the file (Figure 1-15).
Figure 1-15. Saving the Exported Test Run
12. Select [ Save ]. When prompted, save the file to a temporary location.
13. Copy the file to the Azimuth Studio Server in the following path:
\Program Files\Azimuth\Studio\WWW\data\imports
If necessary, create any folders on the Azimuth Studio Server that do not exist in the path noted
above.
Note: Ensure that you save the exported Studio test run to the Azimuth Studio server, not
to the client.
14. In the Azimuth Studio main menu, select Administration > Maintenance. The Maintenance
menu appears (Figure 1-16).
Rev. v4.6
1-25
Figure 1-16. Selecting the File to Import
15. Select the appropriate test run in the Test Run pull-down menu.
16. Select [ Import Test Run Now ]. Messages appear (Figure 1-17) to indicate the progress of the
importation operation. Then a message appears to indicate the success of the operation.
Figure 1-17. Importation Procedure Progress Messages
17. In the Azimuth Studio main menu, display the test you imported. Note that in the Auth column that
there appears an icon of a green locked padlock. This indicates that the imported file was
authenticated. This means that the Azimuth Studio has successfully authenticated the imported
file. If the padlock is red, it means that the file has failed authentication.
1-26
Rev. v4.6
Figure 1-18. Authenticated Imported File
Rev. v4.6
1-27
1-28
Rev. v4.6
Creating and Implementing the ASD Control Library and ASD Control Manager
Appendix A
Additional Configuration and Setup
Information
The following sections provide additional configuration and setup information:
Creating and Implementing the ASD Control Library and
ASD Control Manager
To configure the ASD, you may implement either a control library or a control manager using the Tcl
programming language. By default, the ASD is configured using the Azimuth CCX ASD library,
prompting the user to configure the ASD manually or provide information required for the CCX tests.
If you choose to implement a control library for the ASD, you must implement all of the mandatory
station SDK functions listed in the Azimuth Library Reference document or the Azimuth AP and ASD
Device Library Interface Specification document. You may also implement optional station SDK functions
found in the Azimuth AP and ASD Device Library Interface Specification document. Implementing a
control library allows you to specify custom parameters, such as a user name and password, to connect to
the ASD.
The Azimuth CCX ASD library is used for functions that are not implemented by your control manager.
Implementing a control manager allows you to automate selected SDK functions based on the capabilities
of the ASD.
To summarize, the ASD under test is configured in the following manner:
1.
If a custom ASD control library is implemented, the custom ASD control library is used for all
mandatory station SDK functions. The custom ASD control library is also used for the optional
station SDK functions that it implements. The default Azimuth CCX ASD library is used for all
other optional station SDK functions.
2.
Otherwise, if an ASD control manager is implemented and is selected as the Supplicant in the
CCX Benchmark Test GUI, the ASD control manager is used for those station SDK functions that
it implements. The default Azimuth CCX ASD library is used for all the other station SDK
functions.
3.
Otherwise, the default Azimuth CCX ASD library is used for all station SDK functions.
Refer to the Azimuth Tcl Command and Scripting Reference document and Azimuth Programmer’s Guide
for more information about the Station SDK functions and how to implement a Tcl control library.
Rev. v4.6
A-1
Configuring the ASD in the Azimuth Director Device Manager
Configuring the ASD in the Azimuth Director Device
Manager
The ASD Under Test must be connected to RFM 1 Port 1B on the front panel of the Test System. Follow
the steps described next to configure the ASD parameters in the Azimuth DIRECTOR’s Device Manager.
1.
Select Tools > Connected Devices in the Azimuth DIRECTOR main menu to open the Connected
Devices menu.
2.
2. Select [ New ]. The New Device dialog box opens (Figure A-1).
Figure A-1. New Device Dialog Box
A-2
3.
Select the Application Specific Device option from the Device Type pull-down menu. You are
now ready to add the ASD to the Azimuth DIRECTOR.
4.
Enter the appropriate information in the other fields in the New Device dialog box that pertain to
the ASD. If you have not implemented a Control Library for the ASD, leave the Vendor, Model,
and Version fields blank. When you are done, select [ OK ].
5.
After the ASD is configured in the Device Manager, you can select it as the Device Under Test in
the CCX Test-Bed Setup tab, using the Device Under Test [Browse] button (Figure A-2).
Rev. v4.6
Configuring the ASD in the Azimuth Director Device Manager
Figure A-2. Select Device Dialog Box
6.
The CCX Test Selection tab shows the list of tests that can be run using an ASD (Figure A-3).
Figure A-3. Test Selection Tab
Rev. v4.6
A-3
Installing and Configuring the ACS
The following procedure describes how to install and configure the CiscoSecure Access Control Server
(ACS) onto the Azimuth DIRECTOR PC or another computer that you want to use as the RADIUS server.
Note: CiscoSecure ACS 4.1(1) Build 23 may be installed by upgrading ACS 4.0(1) Build
27. The CCX tests, however, may not function properly if you upgrade CiscoSecure ACS
by installing version 4.1(1) Build 23 over other versions. Uninstall these other versions of
CiscoSecure ACS before installing the CiscoSecure ACS 4.1(1) Build 23.
PREREQUISITES:
■ CiscoSecure ACS (version 4.1(1) Build 23)
■ Internet Explorer 6.0, Service Pack 1
■ Java Runtime Environment (JRE) (version 1.5 or higher) (download from http://java.com/en/
download/manual.jsp)
■ Pub-Net connection
■ Anti Virus Software must be running
Note: Only one CiscoSecure Access Control Server should be running in the network for
the CCX Pre-Certification Benchmark Test.
Procedure: Installing and Configuring the ACS
1.
Run the CiscoSecure ACS installation program on the Azimuth DIRECTOR PC or another
computer that you wish to use as the RADIUS server. The Before You Begin dialog box appears
(Figure A-4).
Figure A-4. Before You Begin Dialog Box
A-4
Rev. v4.6
2.
Select all of the options and select [ Next ]. The Choose Destination Location dialog box appears
(Figure A-5).
Figure A-5. Choose Destination Location Dialog Box
3.
Accept the default destination directory to install the program by Selecting [ Next ]. The
Authentication Database Configuration dialog box appears (Figure A-6).
Figure A-6. Authentication Database Configuration Dialog Box
4.
Select the option Also check the Windows User Database and then select [ Next ]. Selecting this
option allows clients to log in using the user name console and password. azimuth without having
to explicitly configure the password in the CiscoSecure ACS.
Rev. v4.6
A-5
5.
Enter a name for the network access server (NAS). Then enter the appropriate IP address in the
Access Server IP Address and Windows Server IP Address fields. In the TACACS+ RADIUS
Key field enter azimuth. Then select [ Next ] to advance to the Advanced Options dialog box
(Figure A-7). The values in this window allow the CiscoSecure ACS to communicate with a NAS,
which is one of the Cisco APs used in the Azimuth CCX benchmark test. (You can enter other
NAS definitions later when you run the CiscoSecure ACS software in “Configuring the AAA
Client, AAA Server and ACS User” (page A-8)).
Figure A-7. Advanced Options Dialog Box
6.
Do not select any options; select [ Next ]. The Active Service Monitoring dialog box appears
(Figure A-8).
Figure A-8. Active Service Monitoring Dialog Box
A-6
Rev. v4.6
7.
Do not select any options; select [ Next ]. At this time the CiscoSecure ACS in installed on the
Azimuth DIRECTOR PC. The password dialog box appears (Figure A-9).
Figure A-9. Password Dialog Box
8.
Enter a new password in the two text boxes. The CicsoSecure ACS Service Initiation dialog box
appears (Figure A-10).
Figure A-10. CicsoSecure ACS Service Initiation Dialog Box
Rev. v4.6
A-7
9.
If you want the CiscoSecure ACS to run following installation, select the option to start the ACS
now. If you want to set up users, groups, and NASs for the ACS following this installation, select
the option to launch CiscoSecure ACS Administrator. If you want to read the release notes for the
ACS, then select the Readme file option. After you select the options that you desire, select
[ Next ].
Configuring the AAA Client, AAA Server and ACS User
The following procedure describes how to do the following:
■
■
■
Configure each AP as an AAA client
Configure the AAA server
Configure an ACS user on the ACS server using the CiscoSecure ACS software
PREREQUISITES:
■ Install and run the CiscoSecure ACS as described in “Installing and Configuring the ACS” (page
A-4).
Procedure: Configuring the AAA Client, Server and ACS User
1.
Open the CiscoSecure ACS Administrator by selecting the ACS Admin icon on the RADIUS
Server desktop.
2.
Select [ Network Configuration ]. The Network Configuration window appears (Figure A-11).
When you first open the Network Configuration window, the AAA client hostname you defined
during the software installation appears.
Figure A-11. Network Configuration Window
A-8
Rev. v4.6
3.
Select [ Add Entry ] that appears below the AAA Clients list. The AAA Client Setup window
Figure A-12. AAA Client Setup Window
4.
Enter the IP address of the AP you are designating as an AAA client in the AAA Client IP
Address field.
5.
Enter the shared secret for the AAA client in the Key field. The shared secret is the same field
value that is configured in the Radius Setup tab of the Azimuth CCX Pre-Certification Benchmark
Test (see Radius Shared Secret in Table 1.)
6.
Select RADIUS (Cisco Aironet) for the Authenticate Using option.
7.
Select [ Submit + Restart ]. The CiscoSecure ACS Administrator displays the Network
Configuration window refreshed with the new entry appearing in the list of AAA client hostnames
(see example in Figure A-13).
Rev. v4.6
A-9
Figure A-13. Updated AAA Client Hostname List
8.
Select [ Add Entry ] that appears below the AAA Servers list. The Add AAA Server window
Figure A-14. Add AAA Server Window
9.
Enter Director as the name of the RADIUS server in the AAA Server Name field.
10. Enter the IP address of the RADIUS server you are designating as an AAA server in the AAA
Server IP Address field.
11. Enter the shared secret for the RADIUS server in the Key field. The shared secret is the same field
value that is configured in the RADIUS Setup tab of the Azimuth CCX Pre-Certification
Benchmark Test (see Radius Shared Secret in Table 1.)
A-10
Rev. v4.6
12. Select RADIUS (Cisco Aironet) for the Authenticate Using option.
13. Select [ Submit + Restart ]. The CiscoSecure ACS Administrator displays the Network
Configuration window refreshed with the new entry appearing in the list of AAA client hostnames
(see example in Figure A-15).
Figure A-15. Updated AAA Servers Window
14. When you installed the CiscoSecure ACS software, the user console was added to the system. To
configure additional users, select [ User Setup ]; the User Setup window appears (Figure A-16).
You can also edit the settings for existing users by selecting [ User Setup ].
Figure A-16. User Setup Window
15. Enter the name of the user you want to edit or create and select [ Add/Edit ]; the user configuration
window for the created or existing user appears (Figure A-17).
Rev. v4.6
A-11
Figure A-17. User Configuration Window
16. In the User Setup area of the window, select the CiscoSecure Database option for the Password
Authentication pull-down parameter.
17. The default password for the STM and the Azimuth DIRECTOR is azimuth. Azimuth Systems
recommends that you use the password azimuth for the main user (console). (Asterisks are
displayed in place of the password entered.)
18. Select [ Submit ] to accept the changes to the user name.
19. To use certificates supplied with the Azimuth Systems CCX Benchmark Test for PEAP and TLS
authentication, perform the steps detailed in “Importing Azimuth Certificates for PEAP/TLS
Authentication” (page A-13) before proceeding to step 20.
20. To configure the global authentication setup, select [ System Configuration ] and select all of the
parameters shown in Figure A-18. When you are done, select [ Submit + Restart ].
A-12
Rev. v4.6
Figure A-18. Global Authentication Setup
Importing Azimuth Certificates for PEAP/TLS Authentication
Certificates are supplied with the Azimuth Systems CCX Benchmark Test for PEAP and TLS
authentication. The certificate files are located on the Azimuth DIRECTOR in /data/tests/CCX/certificates.
The following procedure describes how to import the certificates.
1.
Create the directory certs on the root of the drive of the ACS server machine.
2.
Copy the following Azimuth-provided files to C:\certs:
acsServerCertificate.pfx
azimuthCCXBenchRootCA.cer
3.
On ACS Server select [ Start ] > Run, and enter mmc in the Run dialog box to open the Microsoft
Management Console (MMC) Console1 explorer window (see Figure A-19).
Rev. v4.6
A-13
Figure A-19. MMC Console1 Explorer Window
4.
Select File > Add/Remove Snap-in in the Microsoft Management Console window. The Add/
Remove Snap-in window opens.
Figure A-20. Add Remove Snap-In Dialog Box
5.
A-14
Select [ Add ]. The Add Standalone Snap-in dialog box opens (see Figure A-21).
Rev. v4.6
Figure A-21. Add Standalone Snap-In Dialog Box
6.
Highlight Certificates, and then select [ Add ]. The Certificates snap-in dialog box opens (see
Figure A-22).
Figure A-22. Certificates Snap-In Dialog Box
7.
Select Computer account and then select [ Next ]. The Select Computer dialog box opens (see
Figure A-23).
Rev. v4.6
A-15
Figure A-23. Select Computer Dialog Box
8.
Select the Local computer option, and then select [ Finish ]. The Select Computer dialog box
closes.
9.
Select [ Close ] to close the Add Standalone Snap-in window. You can see the added entry
“Certificates” in the Add/Remove Snap-in window.
Figure A-24. New Certificate Entry in the Add/Remove Snap-in Dialog Box
10. Select [ OK ] to close the Add/Remove Snap-in window.
11. In the MMC Console1 explorer window, navigate to Certificates > Personal > All Tasks and left-
Select Import (see Figure A-25). The Certificate Import Wizard dialog box opens (see Figure
A-26).
A-16
Rev. v4.6
Figure A-25. Importing the Certificate
Figure A-26. Certificate Import Wizard Dialog Box
12. Select [ Browse ] and navigate to C:\certs\acsServerCertificate.pfx, and select [ Next ].
13. Enter the password azimuth in the Password field, and select the field Mark the private key as
exportable field (see Figure A-27). Then select [ Next ].
Rev. v4.6
A-17
Figure A-27. Certificate Import Wizard Dialog Box
14. Select the option Place all certificates in the following store, and then select [ Next ] (see Figure
A-28). A dialog box appears to verify completion of the certificate importation process. You have
successfully installed the following certificate: acsserver.azimuth.local.
Figure A-28. Certificate Store Dialog Box
15. Select [ Finish ] to close the wizard completion dialog box. Close any other dialog boxes that
appear to indicate successful certificate importation.
16. Navigate to the Certificates > Trusted Root Certificate Authorities > Certificates > All Tasks
and left-click Import.
17. Navigate to the path C:\certs\azimuthCCXBenchRootCA.cer and select [ Next ].
18. Select [ Next ].
19. Select [ Finish ]. The Azimuth CCX Benchmark Root Certificate Authority (CA) has now
been installed; this is the issuing root certificate authority of the client certificate
(console_clientCertificate.pfx).
A-18
Rev. v4.6
20. To ensure that the ACS server trusts client certificates created by Azimuth CCX Benchmark
Root CA, you must install the issuing root certificate authority on the ACS server and then
configure the ACS server to add this authority to its trusted list of certificate authorities. You can
do this by doing the following:
a.
Open a web browser and navigate to the ACS server by entering the following URL:
http://ACS-ip-address:2002/
where ACS-ip-address is the IP address of the ACS server.
b.
Select System Configuration.
c.
Select ACS Certificate Setup.
d.
Select Install ACS Certificate.
e.
Select the Use certificate from storage option.
f.
Enter the following certificate name in the Certificate CN field:
acsserver.azimuth.local
g.
Select [ Submit ].
h.
Select System Configuration > ACS Certificate Setup.
i.
Select the following link (found on the right side of the panel): Edit the Certificate Trust
List.
j.
Select all check boxes that correspond to CAs that the ACS server should trust, (including
Azimuth CCX Benchmark Root CA) (see Figure A-29).
Figure A-29. Certificate Store Dialog Box
k.
Select [ Submit ].
21. Navigate to the main admin page of the ACS server web pages.
22. Select System Configuration, and then select Service Control.
Rev. v4.6
A-19
23. Select Restart to restart the ACS service.
Note: Install the console_clientCertificate.pfx client certificate on each client station by
copying the file to each client station and then double-clicking the file to initiate the
Windows Certificate Import Wizard. During that installation process, use the password
azimuth and check the Mark keys as exportable option.
Configuring the ACS for Network Admission Control (NAC)
The following procedure describes how to configure the ACS to do the following:
■
Configure a Network Access Filter and RADIUS Authorization Components.
■
Configure a Posture Validation Policy.
■
Configure a Network Access Profile.
■
Enable Client Posture Validation and Assessment Logging.
PREREQUISITES:
■
Install and run the CiscoSecure ACS as described in “Installing and Configuring the ACS”
(page A-4).
Configuring the ACS for Network Admission Control (NAC):
1.
Copy the file new_avps.ini from the Azimuth DIRECTOR (\data\tests\CCX\NAC) to the ACS
server (\Program Files\CiscoSecure ACS v4.0\bin\).
2.
Open a command window and enter the following command:
csutil -addAVP new_avps.ini
Messages appear to notify you that the new attributes were added to the database. Follow the onscreen instructions and restart the ACS computer.
A-20
3.
Server desktop.
4.
From the ACS main menu, select [ Interface Configuration ]. The Interface Configuration window
appears (Figure A-30). Select RADIUS (IETF).
Rev. v4.6
Figure A-30. Interface Configuration Window
5.
Scroll down and ensure that [064] Tunnel Type, [065] Tunnel-Medium-Type and [081] TunnelPrivate-Group-ID are selected (Figure A-31).
Rev. v4.6
A-21
Figure A-31. RADIUS (IETF) Interface Configuration Window
6.
A-22
From the ACS main menu, select [ Shared Profile Components ]. The Shared Profile Components
window appears (Figure A-32).
Rev. v4.6
Figure A-32. Shared Profile Components Window
7.
Select Network Access Filtering and click Add to create a filter. The Network Access Filtering
window appears (Figure A-33).
Rev. v4.6
A-23
Figure A-33. Network Access Filtering Window
A-24
8.
Provide a name for the filter. Select the network devices listed and using the arrow button, move
all of the devices to the Selected Items field. You will notice that the devices listed are the APs
that you have already configured as AAA clients.
9.
Click [ Submit ] to add the filter. This Network Access Filter (Figure A-34) will be used later
during the creation of the Access Service and will define the devices to which the Access Service
applies.
Rev. v4.6
Figure A-34. Network Access Filter Window
10. Return to the Shared Profile Components menu. Select RADIUS Authorization Components and
click the [ Add ] button. The RADIUS Authorization Components window appears (Figure A-35).
11. Provide a name. A different RAC will be created for each of the three VLANs that are required for
the Network Admission Control tests, so the name should be descriptive enough to identify which
VLAN is being assigned. We will first create a RAC for VLAN 1 that will include Windows 2000
clients.
12. From the drop-down menu in the IETF field, select Tunnel-Type (64) and click [ Add ].
Rev. v4.6
A-25
Figure A-35. RADIUS Authorization Components Window
13. The RAC Attribute Add/Edit page appears (Figure A-36). In the Value drop-down menu, select
VLAN (13) and then click [ Submit ].
Figure A-36. RAC Attribute Add/Edit – Tunnel-Type Window
A-26
Rev. v4.6
14. Add a second attribute using the IETF drop-down menu again. Select Tunnel-Medium-Type (65)
and click [ Add ]. In the Value drop-down menu on the RAC Attribute Add/Edit page (Figure
A-37), select 802 (6) and then click [ Submit ].
Figure A-37. RAC Attribute Add/Edit – Tunnel-Medium-Type Window
15. Add a third attribute using the IETF drop-down menu again. Select Tunnel-Private-Group (81)
and click [ Add ]. In the Value field on the RAC Attribute Add/Edit page (Figure A-38), enter 1 as
the VLAN Number and then click [ Submit ].
Rev. v4.6
A-27
Figure A-38. RAC Attribute Add/Edit – Tunnel-Private-Group-ID for VLAN 1 Window
16. Repeat steps 10 through 15 to create a second RAC for VLAN 2 that will include Windows XP
clients. When adding the Tunnel-Private-Group-ID (81) (Figure A-39), enter 2 as the VLAN
Number.
A-28
Rev. v4.6
17. Repeat steps Figure A-41 through 13 to create a third RAC for VLAN 3 that will include clients
with a changed posture. When adding the Tunnel-Private-Group-ID (81) (Figure A-40), enter 3
as the VLAN Number.
18. The Radius Authorization Components window (Figure A-41) displays the three RACs you have
created in steps 10 through 17.
Rev. v4.6
A-29
Figure A-41. RACs for CCX Testing
19. From the ACS main menu, select [ Posture Validation ]. The Posture Validation Components Setup
window appears (Figure A-42). Select Internal Posture Validation Setup.
Figure A-42. Posture Validation Components Setup Window
20. The Posture Validation Policies window appears (Figure A-43). Select the [ Add Policy ] button.
A-30
Rev. v4.6
Figure A-43. Posture Validation Policies Window
21. The Posture Validation Policy window appears (Figure A-44). Input a name for the policy, and
select [ Submit ].
Figure A-44. Posture Validation Policy Window
22. In the Edit Posture Validation Rules window (Figure A-45), add a rule for Windows 2000 clients
by clicking the [ Add Rule ] button.
Rev. v4.6
A-31
Figure A-45. Posture Validation Rules Window
23. The Edit Posture Validation Rule window appears (Figure Figure A-46). In the Posture
Assessment section, select Cisco:PA as the Credential and Healthy as the System Posture Token
from the drop-down boxes. Enter a descriptive notification string. Select [ Add Condition Set ].
Figure A-46. Posture Validation Rule Window
24. The Add/Edit Condition window appears (Figure A-47). In the Attribute drop-down box, select
Cisco:PA:OS-Type. In the Operator drop-down box, select contains. In the Value field, enter
Windows 2000. Click enter and then [ Submit ].
A-32
Rev. v4.6
Figure A-47. Add/Edit Condition for Windows 2000 Clients
25. Click [ Submit ] in the Posture Validation Rule window (Figure A-48) to complete the rule
addition.
Figure A-48. Posture Validation Rule for Windows 2000 Clients
Rev. v4.6
A-33
26. Repeat steps 22 through 25 to add a second Posture Validation Rule for Windows XP clients. In the
Posture Assessment section in the Edit Posture Validation Rule window, select Cisco:PA as the
Credential and Quarantine as the System Posture Token from the drop-down boxes. In the
Attribute drop-down box in the Add/Edit Condition window (Figure A-49), select Cisco:PA:OSType. In the Operator drop-down box, select contains. In the Value field, enter Windows XP.
Figure A-49. Add/Edit Condition for Windows XP Clients
27. Repeat steps 22 through 25 to add a third Posture Validation Rule for clients with a changed
posture. In the Posture Assessment section in the Edit Posture Validation Rule window, select
Cisco:PA as the Credential and Infected as the System Posture Token from the drop-down boxes.
In the Attribute drop-down box in the Add/Edit Condition window (Figure A-50), select
Cisco:Script-001:Script-Name. In the Operator drop-down box, select !=. In the Value field,
enter:
Script “posture_file_01”
A-34
Rev. v4.6
Figure A-50. Add/Edit Condition for Clients with a Changed Posture
28. The Posture Validation Rules window (Figure A-51) displays the three rules you have added to the
NAC-TEST policy. Use the Up and Down buttons to move the Cisco:Script-001:Script-Name !=
Script “posture_file_01” rule to the top of the list. Click the [ Done ].
Figure A-51. Posture Validation Rules for CCX Testing
Rev. v4.6
A-35
29. The Posture Validation Policies window (Figure A-52) displays the three rules you have added to
the NAC-TEST policy. Click the [ Apply and Restart ] button to complete the local posture policy
addition.
Figure A-52. Posture Validation Policy for CCX Testing
30. From the ACS main menu, click [ Network Access Profiles ]. The Network Access Profile window
displays (Figure A-53).
Figure A-53. Network Access Profile Window
A-36
Rev. v4.6
31. Click [ Add Profile ]. The Profile Setup window displays (Figure A-54).
32. Enter a name for the profile.
Note: You also need to enter this profile name in the RADIUS Setup Tab in the Azimuth CCX
Benchmark Test GUI so that the profile can be activated and deactivated automatically.
Figure A-54. Profile Setup Window
Note: Leave the Active box unchecked to disable NAC. NAC should be disabled for all CCX tests
except the CCXv4, Section 5 (Network Admission Control) tests. The test script automatically
enables and disables NAC as required when the NAC tests are run.
33. Select the NAF that includes the AP devices from the Network Access Filter (NAF) drop-down
menu and click [ Submit ].
34. In the Network Access Profiles window (Figure A-55), click Protocol. The Authentication
Settings window displays (Figure A-56).
Rev. v4.6
A-37
Figure A-55. Network Access Profile for CCX Testing
A-38
Rev. v4.6
Figure A-56. Authentication Settings Window
35. Click Populate from Global and verify that the authentication settings are configured as they
were in the global authentication settings.
36. Scroll down to the EAP-FAST Authentication Settings section (Figure A-57). Set Posture
Validation to None and click [ Submit ].
Note: Posture Validation should be disabled for all CCX tests, except CCXv4 Section 5 (Network
Admission Control) tests. The test script automatically enables and disables Posture Validation as
required when the NAC tests are run.
Rev. v4.6
A-39
Figure A-57. Authentication Settings – EAP-FAST Window
37. In the Network Access Profiles window (Figure A-55), click Authentication and, depending on the
database option selected during installation, add ACS Internal Database or Windows Database
(Figure A-58).
Figure A-58. Add Database
A-40
Rev. v4.6
38. In the Network Access Profiles window (Figure A-55), click Posture Validation. The Posture
Validation Rules window displays (Figure A-59). Click [ Add Rule ].
Figure A-59. Posture Validation Window
39. The Posture Validation Rule window displays (Figure A-60). Provide a name for the posture
validation rule. Add Cisco:PA and Cisco:Script-001 to the list of Selected Credentials.
Figure A-60. Posture Validation Rule Window
Rev. v4.6
A-41
40. Scroll down and select the Internal Posture Validation Policy that you created previously (Figure
A-61).
Figure A-61. Posture Validation Rule – Internal Posture Validation Policy Window
41. Scroll down and add descriptive PA Messages in the Assessment Result Configuration section
(Figure A-62). Click [ Submit ].
A-42
Rev. v4.6
Figure A-62. Posture Validation Rule – Assessment Result Configuration Window
42. Click [ Done ] to complete the Posture Validation configuration in the Network Access Profile
(Figure A-63).
Rev. v4.6
A-43
Figure A-63. Posture Validation Rule for CCX Testing
43. In the Network Access Profiles window (Figure A-52), select Authorization. The Authorization
window appears (Figure A-64). Select [ Add Rule ].
Figure A-64. Authorization Rules Window
A-44
Rev. v4.6
44. The Authorization Rules window appears (Figure A-65).
Figure A-65. Authorization Rules for CCX Testing Window
45. To add the first authorization rule, select 0:Default Group as the User Group, Healthy as the
Assessment Result, and Healthy as the Shared RAC.
46. To add the second authorization rule, click [ Add Rule ] and select 0:Default Group as the User
Group, Quarantine as the Assessment Result, and Quarantine as the Shared RAC.
47. To add the third authorization rule, click [ Add Rule ] and select 0:Default Group as the User
Group, Infected as the Assessment Result, and Infected as the Shared RAC.
48. Select Deny Access if a condition is not defined or there is no matched condition.
49. Click [ Submit ].
50. From the ACS main menu, select [ System Configuration ]. The System Configuration window
appears (Figure A-66). Select Logging.
Rev. v4.6
A-45
Figure A-66. System Configuration Window
51. The Logging Configuration window displays (Figure A-67). Select CSV Passed Authentications.
Figure A-67. Logging Configuration Window
52. The CSV Passed Authentications File Configuration window appears (Figure A-68). Enable the
Log to CSV Passed Authentications report. Add the following additional attributes to the
Logged Attributes list:
A-46
❏
EAP Type
❏
Shared RAC
❏
System-Posture-Token
Rev. v4.6
❏
Cisco:PA:OS-Type (since this is the information our policy requests from the client)
❏
Reason
Figure A-68. CSV Passes Authentications Logging Configuration Window
53. Select [ Submit ] to save the changes.
54. Repeat steps 51 through 53 for CSV Failed Attempts.
After the ACS has been configured for Network Admission Control, reboot the ACS server to
ensure that all configuration updates have taken effect. The ACS server should then be ready to
authenticate and validate the posture for NAC enabled clients.
Configuring the ACS for Automated Control
The following procedure describes how to add an administrator user in the ACS so that the following tasks
can be performed automatically on the ACS during CCXv4 testing:
■
■
■
■
Activate or de-activate Network Admission Control (NAC).
Allow or deny network access based on the Client Posture Assessment.
Verify that the Client Posture is transmitted correctly during NAC.
Set the Inner Authentication method, such as EAP-GTC, to be used with EAP-FAST and PEAP
authentication.
Rev. v4.6
A-47
Note: You must close all Web browser windows that may be opened to the ACS server
before running the CCXv4 tests.
PREREQUISITES:
■ Install and run the CiscoSecure ACS as described in “Installing and Configuring the ACS” (page
A-4).
■ Install the Java Runtime Environment (JRE) (version 1.5 or higher) on the Azimuth DIRECTOR
(download from http://java.com/en/download/manual.jsp)
Configuring the ACS for Automated Control:
1.
Server desktop.
2.
From the ACS main menu, select [ Administrator Control ]. The Administration Control window
appears (see Figure A-69).
Figure A-69. Administration Control Window
3.
A-48
Select [ Add Administrator ]. The Add Administrator window appears (see Figure A-70).
Rev. v4.6
Figure A-70. Add Administrator Window
4.
Enter the administrator name.
5.
Enter the password and re-enter it to confirm.
6.
To control ACS automatically, you will need to enter the administrator name and password in the
ACS Username and ACS Password fields in the RADIUS Setup Tab in the Azimuth CCX
Benchmark Test GUI.
7.
Select Grant All to grant unrestricted privileges to the user you are creating (see Figure A-71).
Rev. v4.6
A-49
Upgrading the Cisco AP
Figure A-71. Granting Unrestricted Privileges
8.
Select [ Submit ] when done.
Upgrading the Cisco AP
The following procedure describes how to properly upgrade the Cisco APs in the Azimuth Systems CCX
Benchmark test bed. This procedure describes how to properly copy the Cisco upgrade file to the AP, free
up space on the AP if there is not enough room for the upgrade, and how to install the AP software
upgrade.
Note: The Cisco Aironet interface may not allow the transfer of the Cisco AP upgrade
file. Please follow the instructions provided in this subsection to upgrade the Cisco AP.
Upgrading the Cisco AP in the Test Bed:
1.
Obtain the Cisco AP upgrade from the Cisco Systems web site.
2.
Copy the Cisco AP upgrade file to the following path on the Azimuth DIRECTOR PC:
c:/TFTPBOOT/
3.
A-50
Open a Telnet session between the Azimuth DIRECTOR and the Cisco AP and transfer the
upgrade file to the AP by doing the following:
Rev. v4.6
Configuring FTP
a.
In Windows, select Start > Run and enter the following in the Run dialog box:
telnet n.n.n.n
where n.n.n.n is the AP IP address.
b.
At the Telnet prompt, log in using Cisco as both the user name and password.
c.
At the AP’s CLI prompt, enter the enable password Cisco.
d.
Ensure that there is enough room in the AP flash directory by typing show flash in the AP CLI
interface.
e.
If there is not enough free space to copy the upgrade software to the AP flash directory, delete
unnecessary files. For example, consider deleting crash log files, which take up the most space
and are often unnecessary after debugging problems with the AP.
f.
To delete files in the Cisco flash directory, enter the following (where filename is the name of
the file you want to delete):
del /force flash:<filename>
4.
To copy the AP software upgrade from the Azimuth DIRECTOR to the AP flash directory and
then install the upgrade, type the following (where 192.168.1.128 is the AP’s IP address and
c1200-k9w7-tar.123-2.JA2.tar is the name of the AP upgrade file):
archive download-sw /overwrite/reload tftp://192.168.1.128/c1200k9w7-tar.123-2.JA2.tar
5.
When the new AP software upgrade has been copied and installed, the Cisco Aironet interface
shows a diagnostic screen. You must either reload the AP by typing reload in the Telnet session or
you must power cycle the AP.
Configuring FTP
FTP is automatically enabled on the Azimuth DIRECTOR. In the event that FTP is not enabled, use the
following procedure to do so.
1.
Select Windows Start > Settings > Control Panel. The Control Panel window opens.
2.
Double-click Administrative Tools in the Control Panel. The Administrative Tools window opens.
3.
Double-click Internet Services Manager in the Administrative Tools window. Internet
Information Services window opens.
4.
Double-click director to expand the explorer tree in the left pane. The Azimuth Director FTP
Server option appears in the tree (Figure A-72).
Figure A-72. Internet Services Manager Window
Rev. v4.6
A-51
Configuring FTP
5.
Right-click Azimuth Director FTP Server and select Properties in the pop-up menu. The
Azimuth Director FTP Server Properties window opens (Figure A-73).
Figure A-73. Azimuth DIRECTOR FTP Server Properties Window
6.
Select the FTP Site tab.
7.
Select the All Unassigned pull-down option for the IP address field.
8.
Select [ OK ]. The Azimuth Director FTP Server Properties window closes.
9.
Close the Internet Information Services window.
10. Right-click the My Computer icon on the desktop and select the Manage option. The Computer
Management window opens.
11. Double-click Services and Applications in the left pane of the Computer Management window.
12. Select the Services in the explorer tree in the left pane of the Computer Management window.
13. Right-click the FTP Server option in the right pane and select the Stop option.
14. Right-click the FTP Server option in the right pane and select the Restart option.
A-52
Rev. v4.6
Configuring TFTP
Configuring TFTP
TFTP is automatically enabled on the following Azimuth DIRECTOR Test-Net subnet addresses:
■
■
■
192.168.1.0
192.168.3.0
192.168.4.0
Note: The size of the subnet mask for each of these three subnet addresses is 24 bits.
If the IP address of the DUT does not belong to one of these subnets, then you will have to manually
configure TFTP; TFTP is used to transfer RM request files from the Azimuth DIRETOR to the APs.
The following procedure describes how to enable TFTP on the Azimuth DIRECTOR Test-Net interface
using the 3Com TFTP configuration utility.
1.
In the Windows menu select Start > Settings > Control Panel.
2.
Double-click 3COM TFTP.
3.
Select the Network Card tab.
4.
Select all the addresses configured on the Test-Net interface (192.168.1.1, 192.168.2.1,
192.168.3.1, 192.168.4.1) as shown in Figure A-74.
Figure A-74. File Transfer Tab in the 3Com TFTP Window
Rev. v4.6
A-53
Configuring the Cisco 4400 Controller
5.
Restart the TFTP service using [ Stop ] and [ Start ] in the 3Com TFTP Service tab (Figure A-75).
Figure A-75. Service Tab in the 3Com TFTP Window
Before using the Cisco 4400 Controller for running CCX tests, follow the next series of steps to initialize
the Controller.
1.
Use a serial cable and an application such as Windows Hyperterminal to open a console
connection into the Controller. In the details presented after step 2:
a.
The console output of the Controller is shown in blue.
b. The text that you need to type is shown in red.
c.
'(Cisco Controller) >' is the Controller prompt.
d. Lines beginning with '####' are comments.
2.
If the Controller Configuration is set to Factory Defaults, you can skip to the next step and
configure the Controller using the "Cisco Wizard Configuration Tool." Otherwise, reset the
Controller to Factory defaults as shown below.
(Cisco Controller) >reset system
The system has unsaved changes.
Would you like to save them now? (y/n) y
Configuration Saved!
System will now restart!
......
Enter User Name (or 'Recover-Config' this one-time only to reset configuration to factory defaults)
A-54
Rev. v4.6
User: Recover-Config
Initiating system recovery process... please wait
Rebooting system
.......
3.
Configure the Controller using the "Cisco Wizard Configuration Tool" as shown below:
Welcome to the Cisco Wizard Configuration Tool
Use the '-' character to backup
System Name [Cisco_40:f0:43]:
#### Press <ENTER> to accept the default System Name.
Enter Administrative User Name (24 characters max): admin
#### Enter a user name that you can use to telnet into the Controller.
#### You must enter this username as the "WLC Username" in the Options Setup tab in the
Azimuth CCX Benchmark Test GUI.
Enter Administrative Password (24 characters max): admin
#### Enter a password that you can use to telnet into the Controller.
#### You must enter this password as the "WLC Password" in the Options Setup tab in the
Azimuth CCX Benchmark Test GUI.
Service Interface IP Address Configuration [none][DHCP]:
#### Press <ENTER> to accept the default DHCP setting.
Enable Link Aggregation (LAG) [yes][NO]:
#### Press <ENTER> to accept the default NO setting.
Management Interface IP Address: 192.168.1.189
#### Enter an IP address in the same sub-net as the Test-Net.
#### You must enter this IP address while adding a Light-weight AP in the DIRECTOR's
"Connected Devices" Tool.
Management Interface Netmask: 255.255.255.0
#### Enter the same sub-net as the Test-Net.
Management Interface Default Router: 192.168.1.1
### Enter the DIRECTOR Test-Net IP as the Default Router.
Management Interface VLAN Identifier (0 = untagged):
#### Press <ENTER> to accept the default 0 setting.
Management Interface Port Num [1 to 2]: 1
#### Enter the Controller port number that is connected to the Test-Net
Management Interface DHCP Server IP Address: 192.168.1.1
Rev. v4.6
A-55
### Enter the DIRECTOR Test-Net IP as the DHCP Server.
AP Transport Mode [layer2][LAYER3]:
#### Press <ENTER> to accept the default LAYER3 setting.
AP Manager Interface IP Address: 192.168.1.249
#### Enter another IP address in the same sub-net as the Test-Net.
AP-Manager is on Management subnet, using same values
AP Manager Interface DHCP Server (192.168.1.1):
#### Press <ENTER> to accept the default setting.
Virtual Gateway IP Address: 1.1.1.1
#### Enter an IP address that does not exist
Mobility/RF Group Name: Lab
#### Enter any name
Network Name (SSID): CCX1
#### Enter any name
Allow Static IP Addresses [YES][no]:
#### Press <ENTER> to accept the default YES setting.
Configure a RADIUS Server now? [YES][no]: no
#### Enter 'no' to skip RADIUS Server configuration.
Warning! The default WLAN security policy requires a RADIUS server.
Please see documentation for more details.
Enter Country Code (enter 'help' for a list of countries) [US]:
#### Press <ENTER> to accept the default US setting.
Enable 802.11b Network [YES][no]:
Enable 802.11a Network [YES][no]:
Enable 802.11g Network [YES][no]:
Enable Auto-RF [YES][no]:
Configuration saved!
Resetting system with new configuration...
A-56
Rev. v4.6
Configuring WLSE
4.
When the Controller boots up, login to enable telnet and web access as shown below:
User: admin
Password:*****
#### Enable telnet access
(Cisco Controller) >config network telnet enable
#### Enable Web Browser access
(Cisco Controller) >config network webmode enable
(Cisco Controller) >
Note: The 4400 Controller supports a maximum of 5 simultaneous telnet connections.
Ensure that there are no more than 4 telnet connections open to the 4400 Controller before
running any test.
Configuring WLSE
Note: This section describes configuration of the WLSE version 2.9. Configuration of
higher versions of WLSE may vary slightly.
The following subsections describe how to configure the Cisco Wireless LAN Solution Engine (WLSE)
for use with in the CCX benchmark test for tests 4.7.5.2, WLSE Testing: Multiple RM Requests — Radio
Monitoring and 4.7.5.3, WLSE Testing: Multiple RM Requests — Client Walkabout.
■
■
■
■
■
■
■
■
■
■
■
■
■
“Connecting the WLSE to the Network” (page A-58)
“AP Discovery” (page A-58)
“Specifying WLCCP Credentials for the WDS” (page A-59)
“Running the Discovery Wizard to Seed Devices” (page A-59)
“Viewing Discovery Logs” (page A-62)
“Managing and Unmanaging devices” (page A-62)
“Deleting RM Measurements” (page A-63)
“Radio Monitoring” (page A-65)
“Displaying Faults to Verify Rogue AP Detection” (page A-68)
“Client Walkabout” (page A-68)
“Creating a New Client Walkabout” (page A-68)
“Running a Client Walkabout” (page A-72)
“Radio Parameter Generation” (page A-73)
Rev. v4.6
A-57
Configuring WLSE
Reference the following Cisco documents for detailed information:
■
■
User Guide for the Cisco Works Wireless LAN Solution Engine (part number 78-16193.01)
Installation and Configuration Guide for the CiscoWorks Wireless LAN Solution Engine (part
number 78-16345-01)
Connecting the WLSE to the Network
This subsection describes how to connect the WLSE to the physical test configuration.
Note: Remember to configure the Azimuth DIRECTOR PC (192.168.1.1) as the default
gateway (as shown in step 3 in the following procedure). Otherwise, you may not be able
to log on to the WLSE using a web browser.
Connecting the WLSE:
1.
Connect the WLSE to Test-Net so that it can communicate with the Access Points used in the CCX
Tests. You can connect either of the two Ethernet ports on the WLSE to the Test-Net switch.
2.
Connect a monitor and keyboard to the WLSE, and log-on to it using the user name admin.
3.
Configure an appropriate IP address in the Test-Net subnet on the WLSE interface that is
connected to Test-Net. For example, if the WLSE is connected to Test-Net using the eth0 interface
and you wish to configure the address 192.168.1.200 on the eth0 interface, use the following
command on the WLSE CLI:
interface eth0 192.168.1.200 255.255.255.0 default-gateway
192.168.1.1
4.
Enter the WLSE IP address in the CCX GUI, in the Test-Bed Setup tab.
5.
To use a browser from the Azimuth DIRECTOR PC to configure the WLSE, log-on to the WLSE
and enable the http-server from the command line using the following commands:
http-server accept 192.168.1.1 255.255.255.0
To use port 80 for HTTP access instead of the default port 1741:
http-server port 80
AP Discovery
When running tests 4.7.5.2, WLSE Testing: Multiple RM Requests — Radio Monitoring and 4.7.5.3, WLSE
Testing: Multiple RM Requests — Client Walkabout, you will be prompted to select some APs as managed
by the WLSE. Run the Discovery Wizard on the WLSE, as described in the User Guide for the CiscoWorks
Wireless LAN Solution Engine, and then select one or more APs as a Managed Device, as described in that
guide. You need to run the Discovery Wizard only if the APs are not already discovered by the WLSE.
A-58
Rev. v4.6
Configuring WLSE
Specifying WLCCP Credentials for the WDS
This subsection describes how to specify the Wireless LAN Context Control Protocol (WLCCP) RADIUS
credentials for the Wireless Domain Service (WDS). See the User Guide for the CiscoWorks Wireless LAN
Solution Engine for more details.
1.
Log on to WLSE using your web browser.
2.
Select Devices > Discover > Device Credentials > WLCCP Credentials.
3.
In the Radius Username and Radius Password fields, enter the user name console and password
azimuth. This is the same access information you entered in the RADIUS Setup tab of the CCX
GUI (see Figure A-76).
Figure A-76. Specifying RADIUS User Name and Password
4.
To modify the WLCCP credentials, change the fields as needed.
5.
To save the credentials, select Save.
Running the Discovery Wizard to Seed Devices
This subsection describes how to add seed devices in the WLSE.
1.
2.
Select Devices > Discover > Discover > Discovery Wizard.
3.
Select the Automatic Device Discovery based on Cisco Discovery Protocol discovery option
(see Figure A-77).
Rev. v4.6
A-59
Configuring WLSE
Figure A-77. Running the Discovery Wizard
4.
Select Next.
5.
Select Run Now for the Type of CDP Discovery option (see Figure A-78).
Figure A-78. Starting CDP Discovery
A-60
6.
Select Next to continue.
7.
Enter the SNMP community string. This should match the SNMP Community string configured in
the CCX Tests GUI in the AP/Radius/WLSE Setup tab (see Figure A-79).
Rev. v4.6
Configuring WLSE
Figure A-79. Entering the SNMP Community String
8.
Select Next.
9.
Add seed devices by entering comma-separated IP addresses of all the APs used in the CCX tests
(see Figure A-80).
Figure A-80. Adding Seed Devices
10. Select Next.
11. Verify that your settings are correct and select Finish (see Figure A-81).
Rev. v4.6
A-61
Configuring WLSE
Figure A-81. Verifying Settings
Viewing Discovery Logs
This subsection describes how to view discovery logs in the WLSE interface.
1.
2.
Select Devices > Discover > DISCOVER > Logs.
3.
To view details about the Run Now CDP Discovery—on-demand discovery job, select the job
and select Discovery Run Detail. The Discovery Run Detail window shows the start and end
times of the job run, whether it succeeded, and other details.
4.
To refresh the display, select Refresh.
Managing and Unmanaging devices
This subsection describes how to use the WLSE to manage and unmanage devices.
1.
2.
Select Devices > Discover > Managed Devices > Manage/Unmanage. The following folders are
displayed:
3.
4.
A-62
❏
Newly discovered devices (New folder).
❏
Managed devices (Managed folder)
❏
Unmanaged devices (Unmanaged folder).
To manage a Newly Discovered Device:
❏
Select the New folder.
❏
Select the devices you want to change.
❏
Select Manage. Devices will be moved into the Managed folders.
To unmanage devices, select Unmanage. Devices will be moved into the Unmanaged folder.
Rev. v4.6
Configuring WLSE
Deleting RM Measurements
This subsection describes how to delete radio monitoring measurements on the WLSE. Refer to the User
Guide for the CiscoWorks Wireless LAN Solution Engine for more details.
1.
2.
Select Sites > Manage Data (see Figure A-82).
Figure A-82. Deleting Radio Monitoring Measurements
3.
Choose both Radio and Walkabout Measurements to delete all measurements (see Figure A-83).
Figure A-83. Deleting Measurements
4.
Select Devices. All managed devices are listed in the Device selector in the middle pane (see
Figure A-84).
Rev. v4.6
A-63
Configuring WLSE
Figure A-84. Viewing Managed Devices
5.
Select all devices.
6.
Select Filter By PHY (see Figure A-85).
Figure A-85. Selecting Filtering
A-64
7.
Select all 802.11 radio types.
8.
Select Finish in the left pane. The data for the selected devices and radio types is deleted
immediately (see Figure A-86).
Rev. v4.6
Configuring WLSE
Figure A-86. Selecting Radio Types
Radio Monitoring
Test 4.7.5.2, WLSE Testing: Multiple RM Requests — Radio Monitoring, requires Radio Monitoring (RM)
to be run on the WLSE, detailed next. Refer to the User Guide for the CiscoWorks Wireless LAN Solution
Engine for help with Radio Monitoring.
1.
2.
Select Radio Manager > Radio Monitoring. The Radio Monitoring Options window appears
(see Figure A-86).
Figure A-87. Selecting Radio Monitoring
3.
Select Enable to monitor your WLAN environment (see Figure A-88).
Rev. v4.6
A-65
Configuring WLSE
Figure A-88. Enabling the WLAN Environment
4.
Select Clients for both Serving Channel Monitoring and Non-Serving Channel Monitoring.
5.
Enable Add Newly Managed AP to Selected AP List.
6.
Select AP. All managed devices are listed in the Device selector in the middle pane (see Figure
A-89).
Figure A-89. Listing Managed Devices
A-66
7.
Select the devices you want to monitor.
8.
Select Filter By PHY to select the type of 802.11 radio that you want to monitor (see Figure
A-90).
Rev. v4.6
Configuring WLSE
9.
Select Finish. The Finish dialog box appears (see Figure A-91).
Figure A-91. Finishing
10. Select Save to save your radio monitoring options.
Radio Monitor will now begin monitoring the devices you selected. Radio Monitoring takes
measurements every 90 seconds (see Figure A-92).
Figure A-92. Saving Options
Rev. v4.6
A-67
Configuring WLSE
Displaying Faults to Verify Rogue AP Detection
To verify Rogue AP detection at the end of Test 4.7.5.2, WLSE Testing: Multiple RM Requests — Radio
Monitoring, you can view Faults by following the next series of steps.
1.
2.
Select Faults > Display Faults. The Fault window appears (see Figure A-93).
Figure A-93. Displaying Faults
3.
Use the Filter: bar to display the faults you want to view:
4.
Enter the number of seconds (30 seconds or higher) to indicate how often you want the screen to
refresh. The default is 300 seconds (5 minutes).
Client Walkabout
Test 4.7.5.3, WLSE Testing: Multiple RM Requests — Client Walkabout, requires a Client Walkabout job to
be run on the WLSE. Refer to the User Guide for the CiscoWorks Wireless LAN Solution Engine for help
with running a Client Walkabout job.
Creating a New Client Walkabout
The following procedure describes how to create a new client walkabout on the WLSE.
A-68
1.
2.
Select Sites > Client Walkabout (see Figure A-94).
Rev. v4.6
Configuring WLSE
Figure A-94. Creating a New Client Walkabout
3.
Select New.
4.
From the menu in the left pane, select Name and enter a name for the Walkabout job (see Figure
A-95).
Figure A-95. Naming the Client Walkabout
5.
From the menu in the left pane, go to the next step, Select the APs (see Figure A-96).
Rev. v4.6
A-69
Configuring WLSE
Figure A-96. Selecting APs
6.
Select the APs you want to include in the session.
7.
From the menu in the left pane, go to the next step, Select Radio Types.
8.
9.
Select the type of 802.11 radio that will perform the client walkabout. By default, both options
(11a and 11b/11g) are selected.
10. From the menu in the left pane, go to the next step, Enter Client MAC Addresses (see Figure
A-98).
A-70
Rev. v4.6
Configuring WLSE
Figure A-98. Entering Client MAC Addresses
11. Select Enter Client MAC.
12. Enter the 802.11 MAC address of the DUT. You can obtain the DUT MAC Address from the start
of the CCX Test Log.
13. From the menu in the left pane, select the next task, Enter Walkabout Options (see Figure A-99).
Figure A-99. Entering Walkabout Options
14. Select Options.
15. Select the AP power setting (maximum).
16. Select Finish in the left pane (see Figure A-100).
Rev. v4.6
A-71
Configuring WLSE
Figure A-100. Finishing Walkabout Settings
17. Select Save to add the walkabout to the list of client walkabouts (see Figure A-101).
Figure A-101. Saving Client Walkabout to the Walkabout Client List
Running a Client Walkabout
This subsection describes how to run the walkabout on the WLSE.
A-72
1.
2.
Select Sites > Client Walkabout. A list of the current Client Walkabout sessions appears.
3.
Select the name of the client walkabout session that you want to run from the list.
4.
Select Start.
5.
When you are prompted by the CCX Test Script, stop the walkabout. Select the walkabout session
name from the list and select Stop.
Rev. v4.6
Configuring WLSE
Radio Parameter Generation
Test 4.7.5.3, WLSE Testing: Multiple RM Requests — Client Walkabout, requires you to verify Radio
Parameter Generation, detailed next. Refer to the User Guide for the CiscoWorks Wireless LAN Solution
Engine for more details.
1.
2.
Select Sites > Assisted Configuration. The RM assisted configuration information appears (see
Figure A-102).
Figure A-102. Radio Parameter Generation
3.
Enter a task name in the blank field and select New. The screen refreshes with the Job Name dialog
box in the right pane, and the Task Creation job in the left pane.
4.
From the menu in the left pane, select Name and enter a valid name (see Figure A-103).
Figure A-103. Naming the Job
5.
From the menu in the left pane, go to the next step, Selecting Devices.
6.
Select Select Devices. All managed devices are listed in the Device selector in the middle pane
(see Figure A-104).
Rev. v4.6
A-73
Configuring WLSE
Figure A-104. Selecting Devices
7.
Select the devices you want to include in the job.
8.
From the menu in the left pane, go to the next step, Filtering by PHY.
9.
Figure A-105. Filtering by PHY
10. Select the type of 802.11 radio that you want to include in the assisted configuration task.
11. From the menu in the left pane, go to the next step, Assigning Constraints and Goals (see Figure
A-106).
A-74
Rev. v4.6
Configuring WLSE
Figure A-106. Assigning Constraints and Goals
12. Enter a number for the minimum transmit power and a number for the maximum transmit power.
You might choose to enter a lower power setting when, for example, the default power level might
affect a neighboring network. You must enter a numeric value greater than zero and less than 100.
13. Enter a numerical value for the expected maximum number of clients per AP and a numerical
value for the expected average number of clients per AP. You must enter a numeric value greater
than zero and less than 500 (see Figure A-107).
Figure A-107. Specifying the Maximum/Average Number of Clients per AP and Enabling
Black Hole Mitigation
14. Select whether to enable black hole mitigation. If you select this option, Radio Manager
recommends a beacon interval, which is slightly altered from what the AP is configured to, for the
APs. If you do not select the Black Hole Mitigation option, Radio Manager displays the beacon
interval to which the AP is currently configured.
Rev. v4.6
A-75
Configuring WLSE
After you assign the constraints and goals, the next step is for Radio Manager to calculate the
parameters. In this step, you will see a progress bar that indicates the progress Radio Manager is
making in its calculations. After Radio Manager calculates the parameters for the assisted
configuration job, it displays the calculation results (see Figure A-108 and Figure A-109).
Figure A-108. Calculating Parameters
Figure A-109. Radio Parameter Generation Complete Window
A-76
Rev. v4.6
Configuring Chariot
Configuring Chariot
The functionality for WMM, WPA/WMM, and WPA2/WMM tests require the use of Ixia’s IxChariot
software. Install the Chariot Console (server) software on the Azimuth DIRECTOR PC or another remote
PC in its default install location. If you install the Chariot Console (server) software on a remote PC, make
sure that you connect that PC to Test-Net and enter the remote PC’s IP address in the CCX GUI’s Chariot
Console IP field (see Table D-D-2). Then install the Chariot Endpoint software on the Azimuth
DIRECTOR PC and STM. For further details, refer to Section 14.4, WMM Information, in the CCX Test
Plan (Cisco part number EDCS-230632).
Note: The test script copies Chariot script files to the Chariot Console when a Chariot test
is run. Ensure that File Sharing is enabled on the Chariot Console and disable firewall
software that may interfere with File Sharing on the Chariot Console. The DIRECTOR
uses the C$ administrative share to copy files to the Chariot Console. Ensure that the C$
share exists on the Chariot Console. You may need to enter a valid user name and password
to connect to the Chariot Console from the DIRECTOR.
Setting Up the CCX Noise Tests
Azimuth Systems recommends running the CCX noise tests with white Gaussian noise. This section
describes noise generation equipment and its configuration.
The Azimuth CCX Benchmark Test supports automation of the following equipment (Figure A-110):
■
■
■
■
HP 8672A Synthesized Signal Generator (or equivalent). Equivalent signal generators must meet
the following criteria:
❏
2-6 GHz frequency range
❏
+10 dBm power level
❏
45 dB II, III, IV Harmonic Suppression
❏
Serial, GPB or Ethernet interface
❏
Synthesized tone signal type
Agilent 33120A Waveform Generator
Power meter to verify signal generator output level
M/A COM M8HC-7 RF Double Balanced Mixer
Rev. v4.6
A-77
Setting Up the CCX Noise Tests
Figure A-110. Agilent 33120A Waveform Generator (L) and HP 8672A Synthesized Signal
Generator
To physically connect the aforementioned waveform generator and signal generator, you need to use the
following equipment (each of the following numbered items are called out in Figure A-111):
1.
Cable (BNC to BNC)
2.
Adapter (BNC to SMAm)
3.
Mixer
4.
Cable (SMAm to N-typem)
5.
Adapter (SMAm to SMAm)
6.
Adapter (SMAf to N-Typem)
Figure A-111. Connecting the Waveform Generator (L) to the Synthesized Signal
Generator
A-78
Rev. v4.6
Installing VNC
There are three main connections between the generators and the test network:
■
■
■
The signal generator and waveform generator connect together as shown in Figure A-111.
The generators connect to a GPIB (or serial) interface and USB interface before connecting to the
Azimuth DIRECTOR.
The signal generator connects to one of the RFMs on the Azimuth chassis (see Figure 1-1).
The following steps describe how to configure the noise generator:
1.
2.
3.
Configure the waveform generator to a GPIB (or serial) interface with the following settings:
❏
Noise Mode
❏
+7 dBm
Configure the signal generator to a GPIB (or serial) interface with the following settings:
❏
+7 dBm (verify with a power meter)
❏
802.11 channel to test (frequency)
The noise generation equipment is now ready for you to run the Azimuth CCX Benchmark Tests.
Installing VNC
The following procedure describes how to install Real VNC’s Virtual Network Computing (VNC) on all
STMs used in the CCX Pre-Certification Benchmark Test Suite.
Note: Use VNC version 3.3.7 or higher.
1.
Select [ Yes ] to install the VNC Server. The VNC Setup Wizard dialog box opens (see Figure
A-112).
Rev. v4.6
A-79
Installing VNC
Figure A-112. VNC Setup Wizard Dialog Box
2.
Select [ Next ]. The VNC License Agreement dialog box opens (see Figure A-113).
Figure A-113. VNC License Agreement Dialog Box
3.
A-80
Select [ Yes ]. The installation folder destination dialog box opens (Figure A-114).
Rev. v4.6
Installing VNC
Figure A-114. VNC Installation Folder Dialog Box
4.
Select [ Next ] to accept the default folder in which to install VNC Server (recommended). The
VNC Start Menu Folder dialog box opens (Figure A-115).
Figure A-115. VNC Start Menu Folder Dialog Box
5.
Select [ Next ] to accept the default start menu folder in which to install VNC Server shortcuts
(recommended). The VNC additional tasks dialog box opens (Figure A-116).
Rev. v4.6
A-81
Installing VNC
Figure A-116. VNC Additional Tasks Dialog Box
6.
Select the following two options: Register VNC Server as a system service and Start the VNC
Server system service. Then select [ Next ] to accept the settings. The Ready to Install dialog box
opens (Figure A-117).
Figure A-117. VNC Ready to Install Dialog Box
7.
A-82
Select [ Install ]. The VNC Server is installed. At the conclusion of the installation, a status
message dialog box appears to indicate that the service was successfully registered and will run
automatically the next time the system is rebooted (see Figure A-118). You can also access the
service from the control panel.
Rev. v4.6
Installing VNC
Figure A-118. VNC Status Message
8.
Select [ OK ] to close the status message dialog box. An error message dialog box opens (see
Figure A-119). The error message indicates that there is no default password set and that the VNC
Default Properties dialog box will appear.
Figure A-119. VNC Error Message Dialog Box
9.
Select [ OK ]. The VNC Default Properties dialog box opens (see Figure A-120).
Figure A-120. VNC Default Properties Dialog Box
10. Create a password to use for VNC by entering admin (in lower case letters) in the password field.
Then select [ OK ]. The VNC Setup dialog box opens (see Figure A-121).
Rev. v4.6
A-83
Installing VNC
Figure A-121. VNC Setup Dialog Box
11. Select [ Next ]. A dialog box opens to indicate that the VNC Server has been successfully installed
(see Figure A-122).
Figure A-122. VNC Installation Process Complete Dialog Box
12. Select [ Finish ] to exit the installation program. A dialog box opens to indicate the Azimuth
DIRECTOR installation is completed (Figure A-123).
A-84
Rev. v4.6
Configuring the DHCP Server
Figure A-123. Installation Process Complete Dialog Box
13. Select [ Finish ]. A message appears to indicate that you must restart the Azimuth DIRECTOR
system. Restarting the system is necessary to accept the changes made during the installation.
The following procedure describes how to configure the DHCP scope option on the DHCP server in the
CCX Pre-Certification Benchmark Test Suite. By default, the script configures the DHCP scope option,
but if a problem occurs with scopes during CCX setup (i.e. CCX setup needs three simple scopes for
192.168.1.0, 192.168.3.0, 192.168.4.0 with 'Router' option and without using any superscope), you can use
these steps to move to the standard configuration, and then return to the CCX configuration to run the CCX
tests again.
1.
On the DIRECTOR's Test Manager double-click DHCP Server Configuration Tool.The DHCP
Server Configuration window displays.
Rev. v4.6
A-85
Figure A-124. DHCP Server Configuration Tool
2.
Click [ Standard ], which creates a superscope with 3 Test-Net sub-nets 192.168.1.0, 192.168.3.0,
192.168.4.0.
Figure A-125. DHCP Server Configuration GUI
Note: When you need to make the system ready for CCX testing, return to this window and click [ CCX ].
A-86
Rev. v4.6
Appendix B
Automated Station Configuration
Certain Azimuth Systems CCX Benchmark tests for the station under test cannot be automated because the
functionality is not supported by supplicant software that is used to automate the tests.
There are two ways to test the functionality that the selected supplicant does not support:
■
You can manually configure the station under test by entering the required information when
prompted by the Azimuth CCX Benchmark Test.
■
You can automate the tests by writing a Tcl library that implements the necessary unsupported
station library functions. For example, to automate test 4.3.1, AP Control Of Client Power, you
must write a station library that contains the sta_set_encryption, sta_set_transmit_power and
sta_get_transmit_power station library functions.
The station library functions associated with each test that cannot be automated are specified in Table B-1.
Table B-1. CCX Benchmark Test - Station Library Functions
Test
Case
Test Section
Station Library Functions
3.2.2.1 EAP TLS Functionality
sta_set_eaptls
3.2.3.1 LEAP Functionality
sta_set_leap
3.2.5.1 EAP TLS Functionality
sta_set_eaptls
3.2.6.1 LEAP Functionality
sta_set_leap
4.3.1
AP Control Of Client Power
sta_set_encryption
sta_set_transmit_power
sta_get_transmit_power
4.3.2
sta_set_encryption
4.3.3
sta_set_encryption
4.3.4
sta_set_encryption
Rev. v4.6
B-1
Table B-1. CCX Benchmark Test - Station Library Functions (Continued)
B-2
Test
Case
Test Section
4.3.5
sta_set_encryption
4.3.6
sta_set_encryption
4.3.7
sta_set_encryption
4.3.8
sta_set_encryption
4.3.9
sta_set_encryption
4.3.10
sta_set_encryption
4.4.1
AP-Assisted Roaming
sta_set_encryption
4.4.2
AP-Assisted Roaming
sta_set_leap
4.4.3
AP-Assisted Roam
sta_set_encryption
4.4.4
AP-Assisted Roaming
sta_set_encryption
4.5.1
CCKM Authentication
sta_set_leap
4.6.1
PEAP Supplicant
sta_set_peap
4.6.2
PEAP Supplicant
sta_set_peap
4.6.3
PEAP Supplicant
sta_set_peap
4.6.4
PEAP Supplicant
sta_set_peap
4.7.1.1 Beacon Report
sta_set_encryption
sta_set_encryption
sta_set_encryption
sta_set_radio_measurements
sta_set_encryption
sta_set_radio_measurements
4.7.2.1 Frame Report
sta_set_encryption
Rev. v4.6
Test
Case
Test Section
4.7.2.2 Frame Report
sta_set_encryption
4.7.3.1 Channel Load Report
sta_set_encryption
4.7.4.1 Noise Histogram Report
sta_set_encryption
4.7.5.1 Multiple Measurements
sta_set_encryption
1
sta_set_encryption
sta_set_encryption
4.8.1
CCX Version Number
sta_set_encryption
4.8.2
CCX Version Number
sta_set_encryption
5.1.3
sta_set_eapfast
5.1.6
sta_set_eapfast
5.1.7
sta_set_eapfast
5.1.8
sta_set_eapfast
5.1.10
sta_set_eapfast
5.1.11
sta_set_eapfast
prompt_verify
5.1.12
sta_set_eapfast
prompt_verify
5.1.13
sta_set_eapfast
prompt_verify
5.1.14
sta_set_eapfast
5.1.16
sta_set_eapfast
5.1.17
sta_set_eapfast
5.1.23
sta_set_eapfast
5.1.24
sta_set_eapfast
prompt_verify
5.1.25
sta_set_eapfast
prompt_verify
5.1.26
sta_set_eapfast
prompt_verify
5.2.4
CCKM EAP FAST Functionality
sta_set_eapfast
5.2.5
sta_set_eapfast
5.2.6
sta_set_eapfast
5.2.10
sta_set_eapfast
Rev. v4.6
B-3
B-4
Test
Case
Test Section
5.2.11
sta_set_eapfast
5.3.1
WMM Functionality
sta_set_encryption
5.3.2
WMM Functionality
sta_set_leap
5.3.6
WMM Functionality
sta_set_eapfast
5.3.7
WMM Functionality
sta_set_eapfast
5.3.8
WMM Functionality
sta_set_peap
5.3.9
WMM Functionality
sta_set_encryption
5.3.12
WMM Functionality
sta_set_leap
5.3.15
WMM Functionality
sta_set_eapfast
5.3.16
WMM Functionality
sta_set_peap
5.7.1
WPA2 Functionality
sta_set_leap
5.7.2
WPA2 Functionality
sta_set_eapfast
5.7.3
WPA2 Functionality
sta_set_peap
5.7.4
WPA2 Functionality
sta_set_leap
5.7.5
WPA2 Functionality
sta_set_eapfast
5.7.6
WPA2 Functionality
sta_set_peap
5.8.1
WPA2 WMM Functionality
sta_set_leap
5.8.2
sta_set_eapfast
5.8.3
sta_set_peap
5.8.4
sta_set_leap
5.8.5
sta_set_eapfast
5.8.6
sta_set_peap
6.1.1
CCKM With EAP Authentication
sta_set_eaptls
6.1.2
sta_set_ eaptls
6.1.3
sta_set_peap
6.1.4
sta_set_peap
6.1.5
sta_set_peap
6.1.6
sta_set_peap
6.1.7
sta_set_eapfast
6.1.8
sta_set_ eapfast
6.2.1.1 Layer 2 Roaming Enhancements
sta_set_encryption
sta_set_encryption
Rev. v4.6
Test
Case
Test Section
sta_set_encryption
sta_set_encryption
sta_set_encryption
sta_set_encryption
sta_set_encryption
sta_set_encryption
sta_set_encryption
sta_set_encryption
sta_voice_set_codec
sta_voice_make_call
sta_voice_drop_call
sta_set_encryption
sta_set_encryption
sta_set_encryption
6.3.1
sta_set_eapfast
6.3.2
sta_set_eapfast
6.3.3
sta_set_eapfast
6.3.4
sta_set_eapfast
6.3.5
sta_set_eapfast
6.4.2
SSIDL
sta_set_encryption
6.4.3
SSIDL
sta_set_eapfast
6.5.1
sta_set_encryption
sta_voice_set_codec
sta_voice_make_call
sta_voice_drop_call
6.5.2
sta_set_encryption
sta_voice_set_codec
sta_voice_make_call
sta_voice_drop_call
6.5.3
sta_set_encryption
sta_voice_set_codec
sta_voice_make_call
sta_voice_drop_call
Rev. v4.6
B-5
B-6
Test
Case
Test Section
6.5.4
sta_set_encryption
sta_voice_set_codec
sta_voice_make_call
sta_voice_drop_call
6.6.1
Unscheduled Automatic Power Save
Delivery
sta_set_encryption
sta_set_uapsd
6.6.2
Unscheduled Automatic Power Save
Delivery
sta_set_encryption
sta_set_uapsd
6.7.1
Traffic Stream Metrics
sta_set_eapfast
sta_voice_set_codec
sta_voice_make_call
sta_voice_drop_call
6.9.1
EAP FAST Enhancements
sta_set_eapfast
6.10.1
MBSSID
sta_set_encryption
6.10.2
MBSSID
sta_set_encryption
6.10.3
MBSSID
sta_set_encryption
6.10.4
MBSSID
sta_set_encryption
6.10.5
MBSSID
sta_set_encryption
6.10.6
MBSSID
sta_set_encryption
6.11.1
Location Based Services
sta_set_encryption
6.11.2
Location Based Services
sta_set_encryption
6.12.1
Keep Alive
sta_set_encryption
6.12.2
Keep Alive
sta_set_encryption
6.13.1
Link Test
sta_set_encryption
6.13.2
Link Test
sta_set_encryption
Rev. v4.6
Appendix C
Configuration of Catalyst 3750G Switch
and Cisco 3620 Router for VLAN Tests
This note describes the configuration of the Cisco Catalyst 3750G switch and the Cisco 3620 Router in the
test bed for the Azimuth CCX Pre-Certification Benchmark Test. This configuration supports tests that
involve multiple VLANs.
Note: The Azimuth CCX Test Suite no longer supports the use of the Azimuth
DIRECTOR as the router between the VLANs. Ensure that the "Routing and Remote
Access" service is configured using the Windows Services Control Panel on the
DIRECTOR so that its Startup Type is Disabled and its Status is not Started (i.e., its Status
is Stopped).
Rev. v4.6
C-1
Note: Unified Tests that involve measurement of roam time (4.5.2, 4.5.3, 6.1.9, 6.1.11,
6.1.13, 6.1.15) required Port Monitoring to be configured in the Catalyst switch. These
tests have been removed in CCX Test Plan 4.56; hence the Catalyst switch no longer needs
to be configured for Port Monitoring.
The Test-Net includes the following key components:
■
The Cisco Catalyst 3750G Ethernet switch
■
The Cisco 3620 (or similar) router, with IOS version 12.2 or higher
■
The Azimuth DIRECTOR as the DHCP Server for all VLANs
Use the following procedure to configure the VLAN switch. Port numbers used in that procedure are for
illustration purposes only; these port numbers should be changed as necessary.
C-2
1.
Configure Ports 1, 2, 3, 4 and 17 on the Catalyst 3750G switch as trunk ports (part of all VLANs VLAN1, VLAN2 and VLAN3). Enable 802.1Q encapsulation on these trunk ports.
2.
Configure all remaining ports on the Catalyst 3750G switch to be part of the native VLAN
(VLAN1). Disable 802.1Q tagging for VLAN1 on these ports.
3.
Connect IOS AP1, IOS AP2 and IOS AP3 to Ports 1, 2 and 3, respectively on the Catalyst 3750G
switch.
4.
Connect the Cisco 3620 router to Port 4 on the Catalyst 3750G switch.
5.
Connect the Cisco 4400 Controller to Port 17 on the Catalyst 3750G switch.
6.
Connect the other devices, such as the Azimuth DIRECTOR, the WLSE, the Chariot Server, the
ACS Server, and the three LWAPs to the other ports of the Catalyst 3750G switch.
Rev. v4.6
Red port is a trunk port and part of all VLANs
Cisco Catalyst 3750G Switch
1 2 3
4
5 6 7 8
9 10 1112 1314151617
Cisco 4400
Victory
LWAP 1
Victory
IOS AP 1
Victory
IOS AP 2
Victory
Victory
LWAP 3
LWAP 2
ACS AAA Server
Certificate Server
Chariot Server
Soft Token Server
WLSE Server
Client 1
VLAN 1
Client 2
VLAN 2
Cisco 3620 Router
Victory
IOS AP 3
Azimuth DIRECTOR
Figure C-1. Cisco Catalyst 3750G Switch Configuration
The Cisco Catalyst switch can be configured automatically by selecting the "Configure Catalyst Switch"
option in the Test-Bed Setup tab in the Azimuth CCX Benchmark Test GUI while running any test.
Typically, this automatic switch configuration should be done only once, and the "Configure Catalyst
Switch" option should be de-selected for all subsequent test runs.
Note: If you use the "Configure Catalyst Switch" option to configure the Catalyst switch
automatically, the switch configuration is reset and changed. Be sure to save your old
switch configuration in the event that you need to use that configuration later. The test
script uses the "AP Username," "AP Password", and "AP Enable Password" specified in
the Options Setup tab in the Test GUI to log on to the Cisco Catalyst switch.
To configure the Cisco Catalyst 3750G switch manually as described above, reset it to its factory default
settings and then use the following configuration commands:
interface GigabitEthernet1/0/1
switchport trunk encapsulation dot1q
switchport mode trunk
exit
Rev. v4.6
C-3
exit
exit
exit
exit
To configure the Cisco 3620 Router, reset it to its factory default settings and then use the following
configuration commands. The router interface number (fastEthernet0/0) and the IP address
(192.168.1.140) used below are for the purpose of illustration only; use the router interface number and the
IP address that is appropriate for your test-bed.
Router(config)#ip mulicast-routing
Router(config)#interface fastEthernet0/0
Router(config-if)#no shutdown
Router(config-if)#no ip address
Router(config-if)#no ip proxy-arp
Router(config-if)#exit
Router(config)#interface fastEthernet0/0.1
Router(config-subif)#encapsulation dot1q 1 native
Router(config-subif)#ip address 192.168.1.140 255.255.255.0
Router(config-subif)#ip pim dense-mode
Router(config-subif)#no ip proxy-arp
Router(config-subif)#exit
Router(config-subif)#encapsulation dot1q 2
Router(config-subif)#ip helper-address 192.168.1.1
Router(config-subif)#encapsulation dot1q 3
Router(config-subif)#ip helper-address 192.168.1.1
C-4
Rev. v4.6
Router(config)#router rip
Router(config-router)#version 2
Router(config-router)#passive-interface fastEthernet0/0
Router(config-router)#network 192.168.1.0
Router(config-router)#exit
Router(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.0
Note the following properties of the router configuration:
1.
The configuration includes three virtual interfaces, fastEthernet1/0.1, fastEthernet1/0.2 and
fastEthernet1/0.3.
2.
The first virtual interface, fastEthernet1/0.1, is configured with a VLAN tag of 1 and is designated
as the native VLAN interface. It is assigned a static IP address in the 192.168.1.0/255.255.255.0
sub-net, which is the primary sub-net of the DIRECTOR's Test-Net interface and for which a
DHCP Scope is configured in the DIRECTOR's DHCP Server configuration. You may use any
address in the 192.168.1.0 subnet; not necessarily the 192.168.1.140 address shown in the
configuration example. The DHCP Server will assign an IP address in the 192.168.1.0/
255.255.255.0 sub-net to clients that are part of the native VLAN. The Router's Native VLAN IP
must be configured in the Test-Bed Setup Tab as shown in Figure 2.
3.
The second virtual interface, fastEthernet1/0.2, is configured with a VLAN tag of 2. It is assigned
a static IP address in the 192.168.4.0/255.255.255.0 sub-net, which is a secondary sub-net of the
DIRECTOR's Test-Net interface and for which a DHCP Scope is configured in the DIRECTOR's
DHCP Server configuration. Note that this virtual interface is not configured with a 192.168.2.0/
255.255.255.0 address to avoid conflict with the DIRECTOR's Bus-Net. The DIRECTOR's
primary Test-Net address (192.168.1.1) is configured as the helper-address on this virtual interface
so that the same DHCP Server (192.168.1.1) can be used for clients on VLAN 2. The DHCP
Server will assign an IP address in the 192.168.4.0/255.255.255.0 sub-net to clients that are part of
VLAN 2.
4.
The third virtual interface, fastEthernet1/0.3, is configured with a VLAN tag of 3. It is assigned a
static IP address in the 192.168.3.0/255.255.255.0 sub-net, which is a secondary sub-net of the
DIRECTOR's Test-Net interface and for which a DHCP Scope is configured in the DIRECTOR's
DHCP Server configuration. The DIRECTOR's primary Test-Net address (192.168.1.1) is
configured as the helper-address on this virtual interface so that the same DHCP Server
(192.168.1.1) can be used for clients on VLAN 3. The DHCP Server will assign an IP address in
the 192.168.3.0/255.255.255.0 sub-net to clients that are part of VLAN 3.
5.
Routing is enabled amongst the 192.168.1.0, 192.168.3.0 and 192.168.4.0 networks via RIP. This
allows clients on the different VLANs to communicate with each other.
Rev. v4.6
C-5
C-6
6.
In the VLAN tests (EAP-FAST Functionality tests 5.1.10 and 5.1.23, NAC Tests 6.3.x and SSIDL
test 6.4.3), the tester needs to verify data connectivity between a wireless client in VLAN 2 or 3
and a wired host. The CCX Test-Bed does not include a wired host in VLAN 2 or 3. It does,
however, include the DIRECTOR on the native VLAN with secondary IP addresses of 192.168.3.1
and 192.168.4.1. To allow a wireless client in VLAN 3 (with a 192.168.3.x IP address) to ping,
send and receive files by FTP, and receive multicast traffic from 192.168.3.1, a static host route is
added on the router for destination 192.168.3.1 with gateway 192.168.1.1. For similar reasons, a
static host route is added on the router for destination 192.168.4.1 with gateway 192.168.1.1. In
addition, multicast-routing is globally enabled, and PIM is enabled on each virtual interface. This
configuration allows the tester to verify data connectivity between a wireless client in VLAN 2 or
3 and a wired host without requiring the wired host to be part of VLAN 2 or 3.
7.
"ip proxy-arp" is disabled on all of the interfaces on the Router, including the virtual interfaces, so
that the DIRECTOR can ping hosts in the native VLAN with a 192.168.3.x or 192.168.4.x
address.
Rev. v4.6
Appendix D
Azimuth CCX Pre-Certification
Benchmark Test Parameters
Tabs and fields within each tab of the CCX Pre-Certification Benchmark Test are shown and described in
this appendix.
Info Tab
Figure D-1. Info Tab
Table D-1. Info Tab Parameters
Default
Definition
Value
Parameter
Value
Test Engineer
Alphanumeric N/A
text
Specifies the identity of the test engineer who is setting up
and running the test.
Location
Alphanumeric N/A
text
Specifies the location of the test system.
Rev. v4.6
D-1
Table D-1. Info Tab Parameters (Continued)
Parameter
Value
Output Directory Selected
directory
Default
Definition
Value
N/A
Displays the directory to which the test results will be saved
for each test, including:
• output.log — contains all data that appears in the log tab.
• system.log — contains messages from the System Log
tab.
Test Comments
Alphanumeric N/A
text
Specifies any comments with respect to the test or test setup.
Test-Bed Setup Tab
Figure D-2. Test-Bed Setup Tab - AP2 selected for Noise Generator Configuration
D-2
Rev. v4.6
Figure D-3. Test-Bed Setup Tab - Automatic Configuration selected for Noise
Generator Configuration
Table D-2. Test Bed Setup Tab Parameters
Parameter
Value
Default
Value
Band
802.11a
Enabled
Specifies that tests will be run with AP and client devices
configured to operate on the 802.11a radio band. The
basic rates on the APs are set to 6, 12 and 24 Mbps and
the supported data rates are set to 9, 18, 36, 48 and 54
Mbps.
802.11b
Enabled
Specifies that tests will be run with AP and client
devices configured to operate on the 802.11b radio band.
The basic rates on the APs are set to 1 and 2 Mbps and
the supported data rates are set to 5.5 and 11 Mbps.
802.11g
Enabled
Specifies that tests will be run with AP and client
devices configured to operate on the 802.11g radio band.
The basic rates on the APs are set to 6, 12 and 24 Mbps
and the supported data rates are set to 9, 18, 36, 48 and 54
Mbps.
Definition
Rev. v4.6
D-3
Table D-2. Test Bed Setup Tab Parameters (Continued)
Parameter
Value
Antenna
(settings can be
configured
separately for
each radio band
type (i.e., “A” or
“B/G”)
Left
Autonomous
Default
Value
Definition
Don’t
change
Specifies the antenna setting on the Access Points. You
may connect the left or right or both antennas (using an
RF combiner) to the RF port inside the RadioProof
Enclosure (RPE) that contains the AP. By default, the test
script does not change the antenna settings in the AP
configuration. Select ‘Left’ ‘Right’ or ‘Diversity’ to
configure the APs to use the antenna(s) that is (are)
connected to the RPE.
AP identifier
N/A
Specifies the three Autonomous (IOS) APs to be used in
the CCX tests. These APs must be added to the Azimuth
DIRECTOR using the Connected Devices Tool.
AP identifier
N/A
Specifies the three Light-weight (Unified test-bed) APs
to be used in the CCX tests. These APs must be added to
the Azimuth DIRECTOR using the Connected Devices
Tool, where you must enter the IP address of the 4400
Controller Management Interface as the DIRECTOR
Control Port address.
Captive Client
(Client 2)
N/A
N/A
Specifies the test bed client device, which is referred to in
the test as Client 2. Use [ Browse ] to navigate to and
select the appropriate client.
WLA
N/A
N/A
Specifies the Wireless LAN Analyzer (Airopeek) station
to be used for capturing wireless traffic. Use [ Browse ]
to navigate to and select the appropriate client. The
selected WLA station should be connected from the front
panel RF port to RFM 1, Port 2C. The other WLA station
in the WLA module should be connected from the front
panel RF port to RFM 2, Port 1C.
Remote Chariot
Console
Enabled
(checked)
Disabled
Specifies the use of a Chariot console on a remote PC.
For more information about configuring a remote Chariot
console, see your Azimuth Customer Support
representative.
Chariot Console IP address
IP
N/A
IP address of the Remote Chariot Console.
Configure
Catalyst Switch
Disabled
Specifies that the Cisco Catalyst 3750G switch be
configured automatically when a test is run. Typically,
the automatic switch configuration should be done only
once, and this option should be de-selected for all
subsequent test runs.
N/A
IP address of the Cisco Catalyst 3750G switch.
Right
Diversity
Don’t change
AP1, AP2, AP3
Light-weight
AP1, AP2, AP3
Disabled
(unchecked)
Disabled
(unchecked)
Enabled
(checked)
Catalyst Switch
IP
D-4
IP Address
Rev. v4.6
Table D-2. Test Bed Setup Tab Parameters (Continued)
Parameter
Value
Default
Value
Router's Native
VLAN IP
IP Address
N/A
IP address of the Native VLAN interface of the Cisco
Router.
WLSE IP
IP Address
N/A
Specifies the IP address of the Cisco Wireless LAN
Solution Engine (WLSE).
Noise Generator Manual
Enabled
Configuration
Definition
Specifies that the noise generator is manually configured.
Automatic
Disabled
Configuration
Specifies that the Noise Generator will be configured
through a software (Tcl) automation library. If you
choose this option, you must specify the Vendor, Model
and Version number of a Noise Generator for which you
provide a Tcl automation library, or select a standard
Noise Generator, such as the Agilent E8247C, for which
Azimuth provides a Tcl automation library. You must
also specify the control address of the Noise Generator
and the login parameters (if any) that are required by the
Noise Generator automation library.
AP2
Specifies that AP2 will be used for generating noise in
the Noise Histogram test.
Disabled
Rev. v4.6
D-5
RADIUS Setup Tab
Figure D-4. RADIUS Setup Tab
Table D-3. RADIUS Setup Tab Parameters
Default
Value
Definition
192.168.1.1
Specifies the IP address of the RADIUS server.
Parameter
Value
Radius Server IP
IP Address
(dotted
decimal
notation)
Radius Server Port
Integer (1645 1645
or 1812)
Specifies the port number to be used by the
RADIUS server.
Radius Shared
Secret
alphanumeric azimuth
text
Specifies the shared secret to be used by the
RADIUS server for authentication purposes. This
value must be the same value as the secret for the
ACS server.
D-6
Rev. v4.6
Table D-3. RADIUS Setup Tab Parameters (Continued)
Parameter
Value
Default
Value
Definition
Radius User Names alphanumeric Console
text
Specifies the user names to be used by the RADIUS
server for authentication purposes. The default user
name is used in all tests except the PEAP Supplicant
tests (4.6.1 - 4.6.4). Tests 4.6.1 and 4.6.3 use the
Active Directory user name, while Tests 4.6.2 and
4.6.4 use the OTP (One-Time Password) user name.
Radius User
Passwords
alphanumeric azimuth
text
Specifies the passwords to be used by the RADIUS
server for authentication purposes. The default
password is used in all tests except the PEAP
Supplicant tests (4.6.1 - 4.6.4). Tests 4.6.1 and 4.6.3
use the Active Directory user name, while Tests
4.6.2 and 4.6.4 use the OTP (One-Time Password)
user name.
Client Certificate
alphanumeric Console
text
Specifies the common (or Issued-To) name of the
Client Certificate to be used for EAP-TLS
authentication. A certificate issued-to console
issued by Azimuth CCX Benchmark Root CA is
provided in the Certificates folder in the CCX tests
folder (e.g., d:/azimuth/data/tests/CCX/certificates).
Trusted Root
Alphanumeric
alphanumeric Azimuth
text
CCX
Benchmark
Root CA
Specifies the name of the trusted Root Certifying
Authority to be used for EAP-TLS and PEAP-GTC
authentication. The root certificate of Azimuth CCX
Benchmark Root CA is provided in the Certificates
folder in the CCX tests folder (e.g., d:/azimuth/data/
tests/CCX/certificates).
ACS User name
String
Administrator Specifies a user name with Administrator privileges
that can be used to log on to the ACS. This is used
for automated configuration of the ACS. For more
details, refer to “Configuring the ACS for
Automated Control” (page A-47).
ACS Password
String
azimuth
Specifies the password for the ACS user name
entered.
Network Access
Profile
String
CCX-Profile
Specifies the name of the Network Access Profile
configured on the ACS. For more details, refer to
the section Figure , “Configuring the ACS for
Network Admission Control (NAC),” on page A20.
Rev. v4.6
D-7
DUT Setup Tab
Figure D-5. DUT Setup Tab
D-8
Rev. v4.6
Table D-4. DUT Setup Tab Parameters
Parameter
Value
Default
Definition
Value
Device Under
Test (Client 1)
N/A
N/A
Specifies the wireless DUT that is referred to in the
test as Client 1. Use [ Browse ] to navigate to and
select the appropriate client.
DUT (for
parallel OS
testing)
N/A
N/A
Specifies the wireless DUT that is used as a secondary
DUT. Each test case is repeated using the secondary
DUT. For more details see “Repeating Tests With Two
Operating Systems in Parallel” (page 7). Use
[ Browse ] to navigate to and select the appropriate
client.
DUT
Configuration
Selected supplicant
Manual
Specifies the supplicant (or control manager) that is
used to configure the selected device under test. In
Manual mode, the user is prompted through popup
dialog boxes to manually configure the device under
test.
Supplicant
Version
alphanumeric text
N/A
Specifies the version of the supplicant that is used to
configure the selected device under test. This
information is printed in the Test Log. In Manual
mode — and when using a custom supplicant or
control manager — you should enter the supplicant
version information. If you select the Funk supplicant,
the version number is automatically provided.
Enter Tx power
settings
supported by
Device Under
Test - 802.11b/g
String
1, 5, 10, Specifies the Tx power settings (in mW, separated by
20, 30, spaces) that are supported by the 802.11b/g DUT
50, 100 radio. These values are used to determine if tests that
deal with AP Control of Client Power (4.3.1-4.3.10
and 4.4.1) can be run.
Enter Tx power
settings
supported by
Device Under
Test - 802.11a
String
2, 3, 6,
12
Specifies the Tx power settings (in mW, separated by
spaces) that are supported by the 802.11a DUT radio.
These values are used to determine if tests that deal
with AP Control of Client Power (4.3.1-4.3.10 and
4.4.1) can be run.
Rev. v4.6
D-9
Table D-4. DUT Setup Tab Parameters (Continued)
Default
Definition
Value
Parameter
Value
WMM Tagging
Type
802.1d
Disabled Specifies the priority class of the traffic according to
the four WMM access categories (voice, video, best
effort and background). Voice and video have the
highest priorities; best effort and background are the
lowest priorities.
DSCP
Enabled Specifies that the Type of Service (TOS) field will be
specified by the user using Diff-Serv Code Point
(DSCP). This interpretation inserts the specified
decimal value in the six most significant bits and
masks the two least significant bits (with a value of
zero).
Enabled (checked)
Enabled Specifies if the DUT supports Mixed Cell Mode. If
this option is enabled, CCXv3 tests 3.2.3.1 and 5.3.1
test if the DUT can associate to an AP configured in
Mixed Cell Mode.
Mixed Cell
Mode
Disabled
(unchecked)
Display of AP IP Enabled (checked)
Address
Disabled
(unchecked)
Enabled Specifies if the DUT User Interface displays the AP
IP Address. If this option is enabled, CCXv3 test
3.2.3.1 prompts the user to verify that the correct AP
IP Address is displayed.
Beacon Table
Enabled Specifies if the DUT maintains a Beacon Table. If this
option is enabled, CCXv3 test 4.7.1.1 checks if the
DUT responds to the Beacon Report (Table Scan)
request. If this option is disabled, test 4.7.1.1 passes
even if the DUT does not respond to the Beacon
Report (Table Scan) request.
Enabled (checked)
Disabled
(unchecked)
Disabling of
Radio
Measurements
D-10
Enabled (checked)
Disabled
(unchecked)
Enabled Specifies if the Radio Measurements can be disabled
on the DUT. If this option is enabled, CCXv3 tests
4.7.1.3 and 4.7.1.4 check if the DUT does not respond
to radio measurements when configured
appropriately. If this option is disabled, tests 4.7.1.3
and 4.7.1.4 are skipped.
Rev. v4.6
Test Selection Setup Tab
Figure D-6. Test Selection Setup Tab for Windows DUT
Figure D-7. Test Selection Setup Tab for ASD DUT
Rev. v4.6
D-11
The Test Selection tab allows you to choose one or more tests to run. Tests are divided into two categories
- Autonomous and Unified, and further sub-divided into groups based on the CCX Test Plan. Adjacent to
each displayed test is a checkbox that can be selected to indicate that the selected test(s) should be run..
Note: A different list of tests is displayed if an ASD is selected as the DUT in the DUT
Setup tab.
Two buttons, [ Select Tests Not Run ] and [ Select Failed/Errored Tests ] are provided to facilitate the task
of selecting all tests that fit into each button description.
Clicking the [ Select Tests Not Run ] selects all the tests that have not been run or were interrupted before
completion, indicated in the Results tab. Tests that have not been run have a Status of "Not Run" in the
Results tab or are not displayed in the Results tab. For example, if you have run tests using the 802.11a
band only, the Results tab does not display information on tests using the 802.11b band. Tests that were
interrupted have a Status of "Running" in the Results tab. Note that this feature selects tests based on the
Band you chose in the Test-Bed Setup tab. For example, suppose you select 802.11a and 802.11b in the
Test-Bed Setup tab, and you have already run test 3.2.4.1 using 802.11a but not using 802.11b. In this case,
clicking the [ Select Tests Not Run ] results in the selection of test 3.2.4.1. If, however, you select only
802.11a and not 802.11b in the Test-Bed Setup tab, clicking [ Select Tests Not Run ] does not result in the
selection of test 3.2.4.1.
Clicking the [ Select Failed/Errored Tests ] selects all the tests that failed or completed with an error when
those tests were run the last time, as indicated in the Results tab. Note that this feature selects tests based
on the Band you chose in the Test-Bed Setup tab. For example, if you select 802.11a and 802.11b in the
Test-Bed Setup tab, and test 3.2.4.1 passed using 802.11a, but failed using 802.11b, clicking the [ Select
Failed/Errored Tests ] results in the selection of test 3.2.4.1. If, however, you select only 802.11a and not
802.11b in the Test-Bed Setup tab, clicking [ Select Failed/Errored Tests ] does not result in the selection of
test 3.2.4.1. Note also that a test case may be run several times, and the Results tab records the results of all
the test runs (e.g., 1 Passed, 1 Failed). If the test passed in the last run, the Test Status is green; otherwise, it
is red. The [ Select Failed/Errored Tests ] button selects tests based on the results of the last test run.
Note: These two buttons do not un-select any test that you may have already selected. You
can select all tests by selecting the "Autonomous" and "Unified" nodes in the test selection
tree. Similarly, you may un-select all tests by un-selecting the "Autonomous" and "Unified"
nodes.
.
D-12
Rev. v4.6
Options Setup Tab
Figure D-8. Options Setup Tab
Table D-5. Options Setup Tab Parameters
Parameter
Value
Default
Value
Definition
AP Username alphanumeric
text
Cisco
Specifies the Autonomous (IOS) AP user name to use for
the CLI interface.
AP Password
alphanumeric
text
Cisco
Specifies the Autonomous (IOS) AP password to use for
the CLI interface.
AP Enable
Password
alphanumeric
text
Cisco
Specifies the password that enables advanced
configuration options on the Autonomous (IOS) AP.
Rev. v4.6
D-13
Table D-5. Options Setup Tab Parameters (Continued)
Default
Value
Parameter
Value
Definition
WLC
Username
alphanumeric
text
admin
Specifies the user name to use to telnet into the Cisco
4400 Wireless LAN Controller.
WLC
Password
alphanumeric
text
admin
Specifies the password to use to telnet into the Cisco 4400
Wireless LAN Controller.
SSID for
DUT (Client
1)
alphanumeric
text
CCX1
Specifies the SSID of Client 1 (the wireless DUT).
SSID for
Client 2
alphanumeric
text
CCX2
Specifies the SSID of Client 2 (the test bed client).
Static WEP
alphanumeric
Key (128-bit) text
1234567890 Specifies the value of the 128-bit WEP security key.
1234567890
123456
SNMP
Community
public
Specifies the SNMP community string.
Roaming Rate 1 - 20 dB/s
2 dB/s
Specifies the rate at which the path loss between the DUT
and its associated AP is increased to cause the DUT to
roam away from the AP. If this value is changed from the
default (2 dB/s), test results are placed in a section labeled
'Custom' to indicate the deviation from the CCX Test Plan.
Disable User
Prompts
Disabled
Disables the display of popup dialog boxes prompting the
user to configure the clients and other devices (such as the
Noise Generator and the Wireless LAN Solution Engine
(WLSE)), or to verify certain events (such as the setting of
client Tx Power to some desired value or detection of
rogue APs on the WLSE).
Disabled
Enables a quick-testing mode whereby a TFTP is tested
using a small 5KB file instead of a 10MB file, and
multicast operation is tested using 10 multicast packets
instead of 600.
alphanumeric
text
Enabled
(checked)
Disabled
(unchecked)
Quick Testing Enabled
(checked)
Disabled
(unchecked)
Note: Quick Testing may not comply with all CCX testing
requirements.
D-14
Rev. v4.6
Table D-5. Options Setup Tab Parameters (Continued)
Parameter
Value
Default
Value
Definition
Reset AP
Enabled
Configuration (checked)
at the start of
Disabled
each test case
(unchecked)
Disabled
Enable this option if the test engine should reset the
configuration of the three APs at the start of each test case.
When you select multiple test cases to run, the test engine
groups the test cases according to the required AP, and
runs the tests in a group together. The AP configuration is
always reset at the start of the first test case in each group.
If this option is disabled, the AP configuration is changed
only incrementally for the remaining test cases in the
group. For more details, see “Selecting Multiple Test
Cases for Faster Test Execution” (page 1-14).
Continue with Disabled
Test till the
(unchecked)
end if the Test
Enabled
fails
(checked)
Disabled
Specifies that a test case will not terminate immediately
and will continue as long as possible if a test failure is
encountered. By default, this option is disabled and a test
case will terminate immediately if a test failure is
encountered.
Use the
Radio A
following
Radio B
channels in
test where test Radio G
plan allows
any channel to
be used
36
Specifies the radio channel to be used in tests where the
1
CCX Test Plan allows the use of any channel. This
1
excludes the following tests:
• CCXv2 AP-Assisted Roaming - 4.4.1, 4.4.3, 4.4.4 and
4.4.6.
• CCXv2 Radio Measurement - 4.7.x.x
• CCXv4 QBSS Channel Load - 6.2.1.x
• CCXv4 Neighbor Response Frames - 6.2.2.4
• CCXv4 Adjacent AP Report Frame (Normal Roam,
Load Balancing) - 6.2.4.2
• CCXv4 Traffic Stream Metrics - 6.7.1
• CCXv4 MBSSID - 6.10.x
• CCXv4 Location Based Services - 6.11.x
ASD Tab
If you implement a custom ASD control library and define login parameters for connecting to the ASD, the
ASD tab allows you to configure the custom login parameters for the ASD. In addition, the ASD tab
allows you to specify the test tools supported by the ASD as described in Table D-6.
Rev. v4.6
D-15
Figure D-9. ASD Tab
D-16
Rev. v4.6
Note: When iperf is used to generate multicast traffic from the DIRECTOR, the source IP
address of the multicast traffic is the primary IP address of the DIRECTOR’s Test-Net
interface, which by default is 192.168.1.1. The DUT will receive this multicast traffic if its
wireless interface has an IP address in the same subnet (192.168.1.0). However, the DUT is
assigned an IP address in the 192.168.3.0 subnet by default, if the DIRECTOR is used as the
DHCP server. To change this, delete the DHCP reservation (if any) for the DUT on the
DIRECTOR as follows:
1.
Right-click on the My Computer desktop icon, and select the Manage menu
option.
2.
Expand Services and Applications, followed by DHCP and Scope
[192.168.3.0] STA-Net-A.
3.
Select Address Leases in the left pane and right-click the entry that matches
the DUT’s 192.168.3.x address, and select Delete.
4.
You must also uncheck Use Director as DHCP Server in the Options
Setup Tab in the CCX tests GUI.
Rev. v4.6
D-17
Table D-6. ASD Tab Parameters
Parameter Value
Default
Value
Tools
Enabled
Enabled
supported
(checked)
(checked)
by the ASD:
Disabled
FTP
(unchecked)
Definition
Specifies if the ASD supports file transfers using FTP. If this
option is disabled, the following test steps are skipped:
(a) Verify if a file can be transferred between the ASD under test
and a wired host
(b) Verify if a file can be transferred from the ASD under test to
a wired host while the ASD performs a Radio measurement
(c) Verify if the ASD under test asks the AP to buffer traffic
while the ASD performs a Radio measurement
In lieu of these steps, the test script prompts the user to transfer
a large amount of data from the ASD to the Azimuth
DIRECTOR using a method supported by the ASD.
Tools
Enabled
Enabled
supported
(checked)
(checked)
by the ASD:
Disabled
Multicast
(unchecked)
Specifies if the ASD can send and receive multicast traffic. If
this option is disabled, the following test step is skipped:
(a) Verify if the ASD under test can receive multicast traffic
from a wired host.
In addition, the AP-Assisted Roaming Test and the CCKM
Authentication Test are skipped because they use multicast
traffic to measure roam time.
Tools
Enabled
Enabled
supported
(checked)
(checked)
by the ASD:
Disabled
Chariot
(unchecked)
Specifies if the ASD can act as a Chariot endpoint. If the ASD
does not support Chariot, the WMM Functionality Tests will
fail because they require Chariot to generate prioritized traffic
and measure the throughput of prioritized and non-prioritized
traffic.
To generate Use mcast
multicast
traffic from
the Director Use iperf
Specifies that the mcast tool be used to generate multicast
traffic from the Azimuth DIRECTOR. The mcast tool generates
multicast traffic that has the IP Protocol field set to 0xFF.
Prompt the
user
D-18
Use mcast
Specifies that the iperf tool be used to generate multicast traffic
from the Azimuth DIRECTOR. The iperf tool generates UDP
multicast traffic on the default iperf port (5001).
Prompts the user to use a tool of their choice to generate
multicast traffic from the Azimuth DIRECTOR with specified
parameters.
Rev. v4.6
Table D-6. ASD Tab Parameters (Continued)
Parameter Value
Run
Windows
Tests
Default
Value
Definition
Enabled
(checked)
Disabled
Specifies that CCX tests applicable to Windows clients should
(unchecked) be run with the selected ASD under test. This option is useful
for testing wireless clients on versions of the Windows
Disabled
operating system that are not supported on Azimuth STM or
(unchecked)
WSC modules. This includes the Windows Vista operating
system.
Enabling this option causes the following changes:
• The Test Selection tab displays the list of tests that are
applicable to Windows clients.
• The test script assumes that the ASD under test supports
features such as EAP-TLS authentication and CKIP/CMIC
encryption that are required to be supported by Windows
clients.
• For WMM Functionality testing, the test script assumes that
the ASD under test supports the maximum 802.11
bandwidth, instead of using the
High_Performance_Throughput Chariot script to determine
the maximum bandwidth supported by the ASD.
• For Network Admission Control tests, you must specify the
ASD Operating System – “Windows2000,” “WindowsXP,”
“WindowsVista,” etc. The test script assumes that the
CiscoSecure ACS is configured to assign clients running
unsupported versions of Windows (such as Windows Vista)
to VLAN 2.
EAP Type
Supported
LEAP
EAP-TLS
EAP-FAST
LEAP
Specifies the EAP Authentication type to be used in the EAP
Functionality tests (7.3.1 and 7.5.1). The CCX Test Plan allows
the ASD Under Test to use LEAP, EAP-TLS or EAP-FAST in
these tests.
Rev. v4.6
D-19
Log Tab
Figure D-10. Log Tab
Table D-7. Log Tab Parameters
D-20
Parameter
Value
Default
Definition
Value
[ Clear ]
N/A
N/A
Clears messages from the log results window.
[ Close ]
N/A
N/A
Closes the dialog box and stops current testing.
Rev. v4.6
System Log Tab
Figure D-11. System Log Tab
Table D-8. System Log Tab Parameters
Parameter
Value
Default
Definition
Value
[ Clear ]
N/A
N/A
Clears messages from the system log results window for this
tab only.
[ Close ]
N/A
N/A
Rev. v4.6
D-21
Results Tab
Figure D-12. Results Tab
Table D-9. Results Tab Parameters
Parameter
Definition
CCX Test #
Specifies the number of the CCX test, which corresponds to the number assigned to
that test in the CCX Test Plan.
Description
Summarizes the intent of the specified test.
Status
Shows the results of running the test. The results can be Not Run or Running, or the
number of times that the test passed, failed, completed with errors or was skipped,
e.g. 3 Passed, 1 Failed. The Status is displayed in green if the test passed in the last
run, and in red if the test failed or completed with errors in the last run.
Comment
Specifies the test failure reason if a test fails.
D-22
Rev. v4.6
Table D-9. Results Tab Parameters (Continued)
Parameter
Definition
[ Export CSV ]
Enables the export of the current test results in comma separated value (CSV)
spreadsheet format.
[ Export HTML ]
Enables the export of the current test results in HTML format.
[ GO ]
Starts CCX testing.
[ Clear ]
Clears messages from the system log results window for this tab only.
[ Close ]
Common Tab Parameters
Table D-10. Common Parameters in All Tabs
Parameter
Value
Verbose Logging On
Default
Definition
Value
Off
When enabled, specifies that a highly detailed log of events
be created.
0
Specifies the number of times the test will run. A Repeat
Count of 0 means that all selected test cases will be run
once. A Repeat Count of 1 means that all selected test cases
will be run twice.
Off
Repeat Count
0 - 1024
Repeat a Test
Case Only If It
Fails
On (checked) Off
Gap
0.1 - 60.0
Off (not
checked)
1.0
When enabled, a test case is repeated only if it fails. Test
cases that pass are run only once.
Specifies the delay that will occur in between running
different test iterations.
Rev. v4.6
D-23
D-24
Rev. v4.6
Index
Numbers
D
802.11/Noise Tab
Parameters, D-6
DUT Setup Tab
Parameters, D-9
A
F
AAA Client
Configuring, A-8
Faster test execution, selecting multiple test cases for, 114
AAA Server
Configuring, A-8
FTP
Configuring, A-51
ACS
Installing and Configuring, A-4
I
ACS User
Configuring, A-8
Implementing the ASD Control Library, A-1
AP/Radius/WLSE Tab, D-8
Importing Azimuth Certificates for PEAP/TLS
Authentication, A-13, A-20
ASD Tab, D-15
Parameters, D-18
Info Tab, D-1
Parameters, D-1
Automated Station Configuration, B-1
Installing the ACS, A-4
Azimuth CCX Pre-Certification Benchmark Test
Parameter Definitions, D-1
Introduction, 1-1
Azimuth Certificates
Importing for PEAP/TLS Authentication, A-13, A-20
L
C
Log Tab, D-20
Parameters, D-20
CCX Benchmark Test
Automation Support for, B-1
M
CCX Noise Tests
Setting Up, A-77
Multiple test cases, selecting, 1-14
Chariot
Configuring, A-77
O
Cisco AP
Upgrading, A-50
Options Setup Tab
Parameters, D-13
Common Parameters, D-23
P
Common Tab
Parameters, D-23
Configuring the ASD in the Azimuth Director Device
Manager, A-2
Parameter Definitions
802.11/ Noise Tab, D-6
AP / Radius / WLSE Tab, D-9
Azimuth CCX Pre-Certification Benchmark Test, D-1
Common Parameters in All Tabs, D-23
Info Tab, D-1
Log Tab, D-20
Results Tab, D-22
System Log Tab, D-21
Test Bed Setup Tab, D-2, D-3
Configuring the Station Under Test STM, 1-8
Physical Configuration, 1-5, 1-6
Configuring Chariot, A-77
Configuring FTP, A-51
Configuring TFTP, A-53
Configuring the AAA Client, AAA Server and ACS User,
A-8
Configuring the ACS, A-4
Configuring the Test Bed Client STM, 1-8
Configuring WLSE, A-57, A-58
R
RADIUS Setup Tab, D-6
Index-1
Rev. v4.6
Parameters, D-6
WLSE and AP Discovery, A-58
Required Hardware/Software, 1-3
Azimuth-Provided, 1-3
WLSE and AP discovery, A-58
Required Hardware/Software, Customer-Provided, 1-3
Results Tab, D-22
Parameters, D-22
Reviewing Test Results, 1-19
RF Connections, 1-5
RUnning the Azimuth CCX Benchmark Test, 1-11
S
System Log Tab, D-21
Parameters, D-21
T
Test Bed Setup Tab, D-3
Parameters, D-3
Test Selection Tab, D-11
Parameters, D-11
TFTP
Configuring, A-53
Theory of Operation, 1-2
U
Upgrading the Cisco AP, A-50
V
VLAN Configuration, C-1
VNC
Installing, A-79
W
WLSE
client walkabout, creating, A-68
Configuring, A-57, A-58
configuring, A-57
deleting RM measurements, A-63
displaying faults to verify rogue AP detection, A-68
managing/unmanaging devices, A-62
Network Connection, A-58
network connection to, A-58
radio parameter generation, A-73
RM, A-65
seeding devices, A-59
specifying WLCCP for WDS, A-59
viewing discovery logs, A-62
walkabout, running, A-72
Rev. v4.6
Index-2

Cisco Compatible Extensions

Transcription

Similar documents

Family Budget Form

Job Benchmarking Made Simple Flowchart

Software Integrations - The Episcopal Diocese of Newark

CCX - Comunicado ao Mercado (2015 12 28) (2)

Commercial Design 101 with HelioScope

James Lowman ACS Chief Executive C

How To Find Your Way GTA 05-02-013

PDF

20/20 Perfect Vision

ProSat-Solutions - Broadcast Solutions