Cisco Compatible Extensions
Transcription
Cisco Compatible Extensions
APPLICATION NOTE Using the Azimuth CCX 4.6 PreCertification Benchmark Test Suite Azimuth Systems, Inc. 31 Nagog Park Acton, MA 01720 Tel. 978.263.6610 Fax 978.263.5352 www.azimuthsystems.com ©2007 Azimuth Systems, Inc. Pub. No. 042507, Rev. v4.6, 4/25/07 Printed in USA Copyright © 2007 Azimuth Systems, Inc. All rights reserved. Azimuth, Azimuth DIRECTOR, SpyNIC, ACE, ADEPT, RadioProof and testMAC are trademarks of Azimuth Systems, Inc. Microsoft and Windows are trademarks of Microsoft Corporation. Adobe, Acrobat, and Acrobat Reader are trademarks of Adobe Systems Incorporated. All other third-party trademarks and service marks referred to in these materials are the property of their owners. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from Azimuth Systems, Inc. Azimuth Systems, Inc. provides this documentation “AS IS,” without warranty, term, or condition of any kind, either implied or expressed, including, but not limited to, the implied warranties, terms, or conditions of merchantability, satisfactory quality, non-infringement and fitness for a particular purpose. Azimuth Systems, Inc. reserves the right to make changes to equipment design or program components described in this documentation, as progress in engineering, manufacturing methods, or other circumstances may warrant. No responsibility is assumed for the use of Azimuth Systems, Inc. software or hardware, all rights, obligations and remedies related to which are as set forth in the applicable sales and license agreements. Azimuth systems has made every effort to ensure that this script implements the Cisco CCX test plan correctly. Azimuth makes no claims that the script will ensure your product gets CCX certification when tested by Cisco or labs authorized by Cisco. We believe that using this script will provide a test result close to the final test and will increase the chances of passing the official certification considerably. Azimuth Systems, Inc. 31 Nagog Park Acton, MA 01720 Tel. 978.263.6610 Fax 978.263.5352 www.azimuthsystems.com Technical Publications Doc. No. 042507, Rev. v4.6 Published 04/25/07 Printed in United States of America Using the Azimuth CCX 4.6 Pre-Certification Benchmark Test Suite Rev. v4.6 i-ii Table of Contents Chapter 1 Introduction Theory of Operation ..............................................................................................................1-2 Required Hardware/Software ................................................................................................1-3 Physically Configuring the Azimuth CCX Benchmark Test ...................................................1-5 Repeating Tests With Two Operating Systems in Parallel ....................................................1-7 Configuring the Station Under Test (STM) ............................................................................1-8 Configuring the Test Bed Client STM ....................................................................................1-8 Using the ASD as the Device Under Test .............................................................................1-9 Running the Azimuth CCX Benchmark Test ....................................................................... 1-11 Selecting Multiple Test Cases for Faster Test Execution ....................................................1-14 Reviewing Test Results .......................................................................................................1-19 Reviewing Benchmark GUI Test Results ............................................................................1-19 Using Azimuth Studio to View, Compare, Import/Export and Authenticate Test Results ....1-21 Appendix A Additional Configuration and Setup Information ................................................................... A-1 Creating and Implementing the ASD Control Library and ASD Control Manager ................ A-1 Configuring the ASD in the Azimuth Director Device Manager ............................................ A-2 Installing and Configuring the ACS ...................................................................................... A-4 Configuring the AAA Client, AAA Server and ACS User ............................................... A-8 Importing Azimuth Certificates for PEAP/TLS Authentication ..................................... A-13 Configuring the ACS for Network Admission Control (NAC) ....................................... A-20 Configuring the ACS for Automated Control ................................................................ A-47 Upgrading the Cisco AP ..................................................................................................... A-50 Configuring FTP ................................................................................................................. A-51 Configuring TFTP ............................................................................................................... A-53 Configuring the Cisco 4400 Controller ............................................................................... A-54 Configuring WLSE ............................................................................................................. A-57 Connecting the WLSE to the Network ......................................................................... A-58 AP Discovery ............................................................................................................... A-58 Specifying WLCCP Credentials for the WDS .............................................................. A-59 Running the Discovery Wizard to Seed Devices ......................................................... A-59 Viewing Discovery Logs ............................................................................................... A-62 Managing and Unmanaging devices ........................................................................... A-62 Deleting RM Measurements ........................................................................................ A-63 Radio Monitoring ......................................................................................................... A-65 Displaying Faults to Verify Rogue AP Detection .......................................................... A-68 Client Walkabout .......................................................................................................... A-68 Creating a New Client Walkabout ................................................................................ A-68 Running a Client Walkabout ........................................................................................ A-72 Radio Parameter Generation ....................................................................................... A-73 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 i-iii Configuring Chariot ............................................................................................................ A-77 Setting Up the CCX Noise Tests ........................................................................................ A-77 Installing VNC ................................................................................................................... A-79 Configuring the DHCP Server ............................................................................................ A-85 Appendix B Automated Station Configuration ............................................................................................ B-1 Appendix C Configuration of Catalyst 3750G Switch and Cisco 3620 Router for VLAN Tests .............. C-1 Appendix D ...................................................................................................................................... Azimuth CCX Pre-Certification Benchmark Test Parameters ............................................... D-1 Info Tab .......................................................................................................................... D-1 Test-Bed Setup Tab ....................................................................................................... D-2 RADIUS Setup Tab ....................................................................................................... D-6 DUT Setup Tab .............................................................................................................. D-8 Test Selection Setup Tab ............................................................................................. D-11 Options Setup Tab ....................................................................................................... D-13 ASD Tab ...................................................................................................................... D-15 Log Tab ........................................................................................................................ D-20 System Log Tab ........................................................................................................... D-21 Results Tab .................................................................................................................. D-22 Common Tab Parameters ............................................................................................ D-23 i-iv Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Chapter 1 Introduction The Azimuth CCX Pre-Certification Benchmark Test Suite 4.6 automates the testing of 802.11 devices required by the Cisco Compatible Extensions (CCX) Program (Version 4.5). The specification for each CCX Program test is detailed in the CCX Test Plan (EDCS-532266 Rev 4.59), which is available from Cisco Systems. Note: The Azimuth CCX Pre-Certification Benchmark Test Suite implements all of the CCX Program tests defined in the CCX Test Plan (Rev. 4.59) except for the following tests or test steps, which are not supported by the Azimuth test system: • Test 4.7.5.4 - WLSE Testing: Performance and Stress Test. This test is not supported on the Azimuth Test System. • Test 6.5.5 - Call Admission Control (Unidirectional Voice TSPEC). This test is applicable to CCXv5 clients only. The Azimuth Test Suite tests CCXv4 clients. • Tests 5.4.x, 5.5.x, 5.6.x - Single Sign-on. These tests are not supported by the Azimuth test system. • Tests 5.9.1 and 5.9.2 - Other Testing. These tests are the same as tests 3.2.1.1 and 3.2.2.1 respectively. • Test 6.2.4.5 - Roaming in from cellular or other WAN. This test is not supported by the Azimuth test system. • Tests 6.8.x - Frame Report. These tests are the same as tests 4.7.2.x. • Tests 6.9.1, 6.9.3, 6.9.5 and 6.9.6 - EAP-FAST Enhancements. These tests are not supported by the Azimuth test system. The CCX tests ensure interoperability of wireless devices with Cisco WLAN infrastructure products. Passing all of the tests in Azimuth Systems’ CCX test ensures you of a better Wi-Fi product and increases your chances of passing CCX Certification. The Azimuth CCX Pre-Certification Benchmark is performed using the Azimuth W-Series WLAN Test Platform along with some specific Cisco-provided products. This document discusses the theory of operation for the test, defines Azimuth graphical user interface (GUI) parameters, provides information necessary to set up and run the tests and discusses the script test results. Note: All of the tests that comprise the CCX Pre-Certification Benchmark Test Suite are automated for the test bed client in the test bed. However, some functionality for CCX benchmark tests listed in “Automated Station Configuration” on page B-1 cannot be automated for the station under test due to the limitations of various supplicants used to automate the tests. Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 1-1 Theory of Operation Theory of Operation Azimuth’s CCX Pre-Certification Benchmark Test Suite performs many of the test requirements necessary for CCX certification of each of your 802.11a, b and g devices to ensure that they properly interoperate with Cisco Aironet access points (APs), and that the device supports the Cisco Systems features in the CCX Program. Through the Azimuth GUI interface, individual tests may be selected, or the entire test suite can be chosen, allowing operator flexibility in design verification and debug use, or for final regression testing. Depending on whether the device under test (DUT) is a station or an application specific device (ASD), the DUT is installed either in an Azimuth Station Test Module (STM), Azimuth Wireless Standalone Client (WSC), Azimuth RadioProof Enclosure (Model RPE-101/401/421) or other device. The GUI operation allows for the DUT location. The additional test bed units, Cisco APs and client card, provided separately, are configured in Azimuth RadioProof Enclosures (Model RPE-102/402s) and an STM. These devices are configured such that manual reconfiguration during the test is unnecessary. In addition, equipment to perform the Noise Histogram tests, provided separately, is configured into the test setup. The script, controlled by the Azimuth DIRECTOR, features a GUI that is used to configure the test, indicate the required equipment configuration for the test, and report detailed analyses of both the test and test results. The Test Selection tab lists all of the tests that you can select for a particular type of DUT. When you select the type of DUT (such as a NIC or an ASD), the script automatically determines the specific tests to run and only allows you to select from those tests in the Test Selection tab. Test results indicate whether the devices under test have passed or failed. 1-2 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Required Hardware/Software Required Hardware/Software The major hardware and software requirements for this application include the following: Azimuth-Provided ■ Azimuth DIRECTOR (release 4.5 or higher) ■ Azimuth CCX Pre-Certification Benchmark Test available on the Azimuth CCX Pre-Certification Benchmark Test CD ■ Azimuth chassis (801W/800W) ■ Ethereal Protocol Analyzer (version 0.10.9, Azimuth v8 or higher) - this Azimuth-modified version of Ethereal is only available on the Azimuth CCX Pre-Certification Benchmark Test CD ■ One (1) Azimuth Wireless LAN Analyzer (WLA-202 or WLA-422) module (included WMM decodes) ■ Two (2) Azimuth RF Port Modules (RFM-102s) ■ Either of the following to house the test bed client: ■ One (1) Azimuth STM and one (1) Azimuth Client Carrier Card ■ One (1) Azimuth WSC and one (1) Azimuth RPE-101/401/421 ■ Either of the following to house the DUT (Windows station or ASD): ■ One (1) Azimuth STM and one (1) Azimuth Client Carrier Card ■ One (1) Azimuth WSC and one (1) Azimuth RPE-101/401/421 ■ Two (2) Azimuth RPE-102/402s ■ Necessary interface cables: ❏ CCX RF Cable Kit (ACC-258) Customer-Provided ■ One (1) Cisco CB21 AG Client Adapter (driver version 2.0.0.227 or 2.5.0.22) (test bed client) ■ Three (3) Cisco AIR-AP1231G-A-K9 or similar APs (IOS version 12.3(8) for the Autonomous test bed. The AP configuration must be reset to factory defaults and configured with static IP addresses when the CCX tests are either run for the first time or the AP configuration is changed manually. The Azimuth CCX Benchmark Test Release allows you to run CCX tests using AP IOS versions 12.3(4), 12.3(7), 12.3(8), or 12.3(11). Azimuth recommends that you use AP IOS version 12.3(8) for all CCX testing. Note: Use Cisco Access Points with Radio Modules RM21 or RM22 that support AES encryption on the 802.11a radio interface. Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 1-3 Required Hardware/Software ■ CiscoSecure Access Control Server (ACS) AAA Security Server (or equivalent) (version 4.1(1) Build 23). ■ Funk Odyssey Client software (version 4.0 if you are using Azimuth DIRECTOR 4.5; version 4.32 if you are using Azimuth DIRECTOR 4.6) ■ Either of the following: ❏ One (1) Noise Generator (see “Setting Up the CCX Noise Tests” (page A-53)) ❏ One (1) Agilent 33120A Waveform Generator and One (1) HP 8672A Synthesized Signal Generator (or equivalent). Equivalent signal generators must meet the following criteria: • 2-6 GHz frequency range • +10 dBm power level • 45 dB II, III, IV Harmonic Suppression • Serial, GPIB or Ethernet interface • Synthesized tone signal type • M/A COM M8HC-7 RF Double Balanced Mixer ■ Power meter to verify signal generator output level ■ Ethernet 10/100 switch ■ RF combiner (if running with two operating systems in parallel). For information, see “Repeating Tests With Two Operating Systems in Parallel” on page 1-7. ■ One (1) Cisco AIR-AP1030-A-K9 and two (2) Cisco AIR-AP1242AG-A-K9 for the Unified testbed. The AP configuration must be reset to factory defaults and configured with static IP addresses when the CCX tests are either run for the first time or the AP configuration is changed manually. ■ One (1) Cisco 4400 Controller for the Unified test-bed, with software version 4.0.206.0. The Controller must be reset to factory defaults and configured with static IP addresses when the CCX tests are either run for the first time or the AP configuration is changed manually. ■ Cisco Catalyst 3750G Ethernet Switch. Note: For an example of a logical configuration for connecting a VLAN capable switch, please see Appendix C, “VLAN Configuration.” 1-4 ■ IXIA IxChariot (version 5.1 or higher)) and Endpoint Software ■ Cisco 1130 Wireless LAN Solution Engine (WLSE) Server (version 2.9 or higher) ■ Cisco Trust Agent Software (Version 2.0.1.14 for Windows XP and Version 2.0.0.30 for other operating systems) ■ Soft Token Server ■ Certificate Server (optional) Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Physically Configuring the Azimuth CCX Benchmark Test ■ Internet Explorer 6.0, Service Pack 1 ■ Java Runtime Environment (JRE) (version 1.5 or higher) (download from http://java.com/en/ download/manual.jsp) ■ Internet connection for download of Java JRE ■ Anti Virus Software installed with the latest virus definitions installed ■ Cisco 3620 (or similar) Router Physically Configuring the Azimuth CCX Benchmark Test The physical configuration of the Azimuth CCX Benchmark Test is shown in the following tables and figures. Table 1-2 shows a standard configuration for running the CCX test; a graphical example of the standard configuration is presented in Figure 1-1. Table 1-1. Standard Configuration RF Connections a b STM1 STM2 Noise AP AP AP Port Port Generator 1 2 3 1 1 1 2 2 2 1 1 1 2 2 2 1 2 1 2 A B C A B C A B C A B C RFM-102 1, Port RFM-102 2, Port 1A X 1B RFM102 (1) Port x 1C X 2A x 2B x 2C 1A X 1B RFM102 (2) Port X 1C 2A 2B X X 2C WLA- 1 202 2 Port X X X Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 1-5 Physically Configuring the Azimuth CCX Benchmark Test a. The test bed client may be housed in a WSC inside an RPE-101/401/421 instead of STM1. The DUT may also be housed in a WSC inside an RPE-101/401/421 instead of STM2. The RPE-101/ 401/421 housing the test bed client and the DUT must be connected to ports 2B and 1B of the RFM-102 (1), respectively. b. The Autonomous Tests use Cisco AP1231 running Cisco IOS software; the Unified Tests use Light-Weight APs (AP1030 or AP1242). The "AP1" RF connection refers to a pair of APs - one IOS AP1231 and one AP1030 - whose radios are combined using an RF combiner. Similarly, "AP2" and "AP3" each refer to a pair of APs - one IOS AP1231 and one AP1242 - whose radios are combined using RF combiners. Cisco 3620 Router Access Points in the Azimuth RPE-102/402s AP 1231 WLSE Server Chariot Server ACS AAA Server Soft Token Server E1 E2 E1 COMM 10/100 ETHERNET ! E2 COMM 10/100 ETHERNET WARNING 16V MAX (POWER OVER ETHERNET PASS THRU) TAKE CARE TO CONNECT DC DEVICES IN CORRECT POLARITY (POWER OVER ETHERNET PASS THRU) Certificate Server ! WARNING 16V MAX TAKE CARE TO CONNECT DC DEVICES IN CORRECT POLARITY AP 1242 Cisco 4400 Controller AP 1231 AP 1231 Pub-Net Cisco Catalyst 3750G Switch E1 E2 E1 COMM 10/100 ETHERNET ! E2 10/100 ETHERNET WARNING TAKE CARE TO CONNECT DC DEVICES IN CORRECT POLARITY 16V MAX (POWER OVER ETHERNET PASS THRU) (POWER OVER ETHERNET PASS THRU) AP 1242 COMM ! WARNING TAKE CARE TO CONNECT DC DEVICES IN CORRECT POLARITY 16V MAX AP 1030 Test-Net 192.168.1.1 GPIB or Serial Interface 800W Azimuth DIRECTOR Bus-Net 192.168.2.1 1 RFM-102 Link Link 2 Sync Act RFM-102 Link Link 3 4 STM-412 Sync Link Act Act Status Sync STM ! Station-1 Station-2 Act Status Warning: +5VDC Output ! 6 7 8 WLA-202 Link Act Status Sync WLA Probe-1 Probe-2 Act Status RF Port 1 CardBus Station-1 Warning: +5VDC Output RF Port 1 ! Warning: +5VDC Output CardBus Station-1 Device Under Test RF Port 1B Waveform Generator Status Sync STM Station-2 Status Waveform Generator Act Station-1 RF Port 1 RF Port 1A 5 STM-412 Link RF Port 1C AiroPeek TM Signal Generator RF Port 2 RF Port 2A ! Warning: +5VDC Output RF Port 2B Signal Generator RF Port 2C ! Warning: +5VDC Output RF Port 2 ! Warning: +5VDC Output CardBus Station-2 Test Bed Client CardBus Station-2 RF Port 2 AiroPeek TM Twisted Pair Ethernet RF Gigabit Ethernet Azimuth Chassis Figure 1-1. Standard Configuration Connections 1-6 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Repeating Tests With Two Operating Systems in Parallel Repeating Tests With Two Operating Systems in Parallel The CCX Test Plan requires that Windows stations be tested on both the Windows XP and the Windows 2000 operating systems. To support concurrent testing on these operating systems, the Azimuth CCX PreCertification Benchmark Test allows you to select two Windows Stations as the devices under test (DUTs). Each test case is first run with the primary DUT. If a secondary DUT is selected, the test case is repeated using the secondary DUT. The two DUTs must be connected using a 2-to-1 RF combiner to Port 1B of the RFM-102 (Figure 1-2). When the test is repeated with the secondary DUT, the APs are configured incrementally (as described in “Selecting Multiple Test Cases for Faster Test Execution” (page 1-14)). This reduces the total time for executing the test cases. The Results tab (see Figure D-12) groups the test results by the MAC address of the DUT. Twisted Pair Ethernet RF Gigabit Ethernet Cisco 3620 Router Access Points in the Azimuth RPE-102/402s WLSE Server Chariot Server AP 1231 ACS AAA Server Soft Token Server E1 E2 E1 COMM 10/100 ETHERNET (POWER OVER ETHERNET PASS THRU) ! E2 COMM 10/100 ETHERNET WARNING 16V MAX TAKE CARE TO CONNECT DC DEVICES IN CORRECT POLARITY ! WARNING 16V MAX (POWER OVER ETHERNET PASS THRU) Certificate Server TAKE CARE TO CONNECT DC DEVICES IN CORRECT POLARITY AP 1242 Cisco 4400 Controller AP 1231 AP 1231 Pub-Net Cisco Catalyst 3750G Switch E1 E2 E1 COMM 10/100 ETHERNET (POWER OVER ETHERNET PASS THRU) ! E2 10/100 ETHERNET WARNING 16V MAX TAKE CARE TO CONNECT DC DEVICES IN CORRECT POLARITY (POWER OVER ETHERNET PASS THRU) AP 1242 COMM ! WARNING 16V MAX TAKE CARE TO CONNECT DC DEVICES IN CORRECT POLARITY AP 1030 Test-Net 192.168.1.1 GPIB or Serial Interface 800W Bus-Net 192.168.2.1 Azimuth DIRECTOR 1 RFM-102 Link 2 Sync RFM-102 Link 3 4 STM-412 Sync Link Act Status Sync STM 5 Link Act Link Status 7 8 Status Sync WLA Probe-2 Act Status RF Port 1 ! Waveform Generator Act Probe-1 Station-2 Act RF Port 1A 6 WLA-202 Link Station-1 Warning: +5VDC Output RF Port 1 ! Warning: +5VDC Output ! Warning: +5VDC Output CardBus Station-1 RF Port 1B Waveform Generator RF Port 1C Signal Generator AiroPeek TM RF Port 2 RF Port 2A ! Warning: +5VDC Output RF Port 2 Signal Generator RF Port 2C Test Bed Client CardBus Station-2 RF Port 2B AiroPeek TM RF1 RF2 RF3 RF4 RF5 RF Combiner RF6 RadioProof RF7 RF8 TM Enclosure WSC Housing Primary Station RF Combiner RF1 RF2 RF3 RF4 RF5 RF6 RF7 RF8 RF Combiner RadioProof TM Enclosure Azimuth Chassis WSC Housing Secondary Station Figure 1-2. Physical Configuration Running Tests with Two Operating Systems in Parallel Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 1-7 Configuring the Station Under Test (STM) Configuring the Station Under Test (STM) Perform the following procedure to configure the station under test STM. A similar procedure may be used to configure a WSC that contains the station under test. 1. Install the station under test client card in the STM chamber. 2. Ghost the STM OS factory image. For instructions, see “Using Symantec Ghost to Restore and Back Up WSC OS Images” in the Azimuth Wireless LAN Test System Operations Guide and Azimuth DIRECTOR User Guide. 3. Install the client card driver. 4. Install the client card configuration utility if you wish to use it to configure the client card. 5. Install Chariot endpoint software and configure Layer 2 Priority Values and Registry settings as described in the CCX Test Plan (Cisco document number EDCS-230632, section 14.4.2.1, Setting Up the Chariot Endpoints). 6. Set up client and root certificate authority (CA) certificates on the STM according to instructions presented in “Configuring PEAP and EAP-TLS” (page A-24). Note: After setting up the STM with all required hardware and software drivers, back up the STM OS image using Symantec Ghost. For more information, refer to your Azimuth DIRECTOR release notes. 7. Install the Cisco Trust Agent (Version 2.0.1.14 for Windows XP and Version 2.0.0.30 for other operating systems). The Cisco Trust Agent installation package can be obtained from Cisco Systems. Select the “Complete” Installation Type to ensure that the CTA Scripting Interface is also installed. Configuring the Test Bed Client STM Perform the following procedure to configure the test bed client STM. A similar procedure may be used to configure a WSC that contains the test bed client. 1-8 1. Install the test bed client card in the STM chamber. 2. Ghost the STM OS factory image. For instructions, see “Backing Up STM Images” (page 6-18) in the Azimuth Wireless LAN Test System Operations Guide and Azimuth DIRECTOR User Guide. 3. Install the client card driver (version 2.0.0.227 or version 2.5.0.22). 4. Install VNC onto the STM. For instructions, see “Installing VNC” (page A-55). Then install Funk Odyssey onto the STM. See Funk user documentation for specific installation instructions. Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Using the ASD as the Device Under Test 5. Install WinPcap 3.1 and Ethereal 0.10.9.Azimuth.v8 onto the STM. WinPcap can be downloaded from http://www.winpcap.org/install/default.htm. Ethereal 0.10.9.Azimuth.v8 can be found on the Azimuth DIRECTOR installation CD. Note: When installing or using the Funk Odyssey Client, Azimuth Systems recommends that you use VNC to access the STM from the Azimuth DIRECTOR. If you use the Microsoft Remote Desktop Connection to access the STM from the Azimuth DIRECTOR, you will need to reboot the STM before you can use VNC to access the STM. Note: After setting up the STM with all required hardware and software drivers, back up the STM OS Image using Symantec Ghost. For more information, refer to your Azimuth DIRECTOR release notes. Using the ASD as the Device Under Test To use an application specific device (ASD) as the device under test (DUT), you must perform the following procedure prior to running the tests. 1. Configure the ASD in the Device Manager in the Azimuth DIRECTOR. For more information, see “Configuring the ASD in the Azimuth Director Device Manager” (page A-4). 2. Optionally, create and implement either a control library or a control manager using the Tcl programming language to configure the ASD. For more information, see “Creating and Implementing the ASD Control Library and ASD Control Manager” (page A-2). Note: Azimuth provides a default ASD control library to configure the ASD. This default library prompts the user to configure the ASD manually or to provide information required for the CCX tests. During certain tests, the Azimuth CCX ASD control library will prompt you to perform certain actions. For example, when you start an FTP file transfer from the ASD, it is necessary for you to select [ OK ] as soon as possible after you start the FTP file transfer or perform the action described by the user prompt so that the resulting action (e.g., the FTP file transfer) does not complete before the test continues. Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 1-9 Using the ASD as the Device Under Test Note: Regarding Data Connectivity Testing Using FTP: The Azimuth CCX Benchmark Test uses a 10MB file to test file transfer between the ASD and the Azimuth DIRECTOR. The ASD Under Test may support FTP but may not have sufficient space to store a 10MB file. In that case, replace the file ccx-ftp-small.dat located in \data\tests\ccx\tftpboot with a file of the appropriate size. If the ASD Under Test does not support FTP, then configure the test (see Appendix D, “ASD Tab”) to skip the FTP portion of the data connectivity test. The test script will prompt you to transfer a large amount of data from the ASD to the Azimuth DIRECTOR using a method supported by the ASD. Note: Regarding Data Connectivity Testing Using Multicast: By default, the Azimuth CCX Benchmark Test uses the mcast tool to generate multicast traffic from the Azimuth DIRECTOR, and prompts the user to use a multicast tool supported by the ASD to receive the multicast traffic on the ASD. mcast generates multicast traffic that has the IP Protocol field set to 0xFF, and some multicast tools may not be able to receive this multicast traffic. Hence, the test GUI allows the user to choose the tool used to generate multicast traffic from the Azimuth DIRECTOR (see Appendix D, “ASD Tab). Use the iperf option to generate UDP multicast traffic on the default iperf port (5001). Use the Prompt the user option to use a tool of your choice to generate multicast traffic with specified parameters. If the ASD Under Test does not support multicast traffic, then configure the test (see Appendix D, “ASD Tab) to skip the multicast portion of the data connectivity test. Note: Regarding WMM Functionality Testing: The WMM Functionality tests generate three traffic streams from the client, of which one stream has Prioritized traffic and the other two have Best Effort traffic. The tests verify that under high load conditions, the throughput of the Prioritized traffic stream does not drop below an acceptable threshold. The Azimuth CCX Benchmark Test uses Chariot to generate traffic and measure the throughput of prioritized and non-prioritized traffic in the WMM Functionality Tests. The test runs the High_Performance_Throughput Chariot script to determine the maximum throughput supported by the ASD, and then calculates the data rates for the three traffic streams that are generated as specified in the CCX Test Plan. For example, if the maximum throughput supported by the ASD is 20Mbps, then the test generates the three traffic streams with data rates of 14Mbps, 10Mbps and 10Mbps respectively. If the maximum supported throughput is lower, the data rates are reduced proportionately. 1-10 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Running the Azimuth CCX Benchmark Test Running the Azimuth CCX Benchmark Test This section describes the hardware and software requirements and prerequisites for running the Azimuth CCX Pre-Certification Benchmark Test. A procedure following that information describes how to run the test. HARDWARE AND SOFTWARE REQUIREMENTS AND PREREQUISITES: ■ The required hardware and software required for this test is listed in “Required Hardware/ Software” (page 1-2). ■ Install the Azimuth CCX Pre-Certification Benchmark Test on the Azimuth DIRECTOR PC. Note: For information on installing the Azimuth CCX Pre-Certification Benchmark Test, please see the Azimuth Benchmark and Tcl Libraries Installation Guide available on the document CD and on the Benchmark Software CD. ■ ■ Perform the following procedures: ❏ “Configuring the Station Under Test STM” (page 1-7) ❏ “Configuring the Test Bed Client STM” (page 1-8) Perform the following DIRECTOR-related procedures: ❏ “Installing and Configuring the ACS” (page A-7) ❏ “Configuring the AAA Client, AAA Server and ACS User” (page A-11) ❏ “Configuring WLSE” (page A-33) ❏ “Configuring Chariot” (page A-52) ❏ “Setting Up the CCX Noise Tests” (page A-53) ❏ Enable TFTP on the Azimuth DIRECTOR Test-Net interface as described in “Configuring TFTP” (page A-28). ❏ Enable FTP on the Azimuth DIRECTOR Test-Net as described in “Configuring FTP” (page A-27). ❏ Enable Routing and Remote Access on the Azimuth DIRECTOR Test-Net interface as described in “Configuring Routing and Remote Access” (page A-30). To Set Up and Run the CCX Pre-Certification Benchmark Test: 1. Select Tools > Connected Devices in the Azimuth DIRECTOR main menu to open the Connected Devices menu. 2. Select [ New ]. The New Device dialog box opens (Figure 1-2). Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 1-11 Running the Azimuth CCX Benchmark Test Figure 1-3. New Devices Dialog Box 1-12 3. Select the Access Point option from the Device Type pull-down menu. You are now ready to add the first AP in the CCX Pre-Certification Benchmark Test Suite to the Azimuth DIRECTOR. 4. Enter the appropriate information in the other fields in the New Devices dialog box that pertain to the AP. Make sure that you also select where the AP is connected, such as the RFM and RFM port, and indicate if there are any additional RF losses. When you are done, select [ OK ]. Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Running the Azimuth CCX Benchmark Test 5. Repeat steps 2 through 4 for each of the three Autonomous and the three Unified (Light-Weight) APs that you must enter into the Azimuth DIRECTOR configuration. For the Unified APs, enter the IP address of the Cisco 4400 Controller, not the IP address of the AP, and enter the AP Ethernet MAC Address or the AP Radio Base Address in the BSSID field. When you have finished entering the last AP, the Connected Devices dialog box appears similar to the one shown in Figure 1-3. That box shows the AP names, connections, addresses and vendor name for the device. Figure 1-4. Connected Devices Dialog Box 6. Select [ OK ] to close the Connected Devices dialog box. 7. Double-click the CCX Certification logo in the Benchmark Tests area of the Azimuth DIRECTOR Test Manager to open the CCX Pre-Certification Benchmark Test Suite (see Figure 1-4). Figure 1-5. CCX Pre-Certification Benchmark Test Certification Logo 8. Complete information in the Info tab as desired. 9. Select the Setup tab. 10. Select the tabs within the Setup tab and configure the tests accordingly. 11. To set up the Noise Generator, use the Setup - 802.11/Noise subtab. 12. Select [ Go ]. The CCX Pre-Certification Benchmark Test runs. 13. Check the Log tab. The test output appearing in the Log tab of the dialog box will look similar to that shown in Figure 1-11. Analyze your test output to determine if the desired quality has been achieved. Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 1-13 Selecting Multiple Test Cases for Faster Test Execution Selecting Multiple Test Cases for Faster Test Execution Each test in the Azimuth CCX Pre-Certification Benchmark Test (releases 3.1 and earlier) begins with the following steps: ■ Initialize the configuration of each of the three APs used in the test; this takes 30-35 seconds. ■ Configure each AP according to the test requirements. This time varies; for example, the WLCCP registration required for CCKM key management takes 40 to 50 seconds. Many CCX tests use the same or similar AP configuration. In Azimuth CCX Pre-Certification Benchmark Tests (release 3.2 or higher), these similar tests are grouped as listed in Table 1-2 and Table 1-3. When you select multiple test cases to run, tests in a group are run together. The APs are configured completely at the start of each test for the first test in the group, and the AP configuration is incrementally changed for the remaining tests in the group. This will cause a longer test run time and may cause some of the APs to become unstable. Minimizing AP configuration changes reduces the total time for executing the test cases. Each test group has a Common AP configuration, e.g., EAP authentication with WEP128 encryption. Each test case in the group has one or more test-specific AP configuration steps, e.g., the setting of the fragmentation threshold to 500 bytes. The test-specific configuration is undone or reset when the test case is completed. When running several iterations of the same test case, the APs are configured from the beginning for the first iteration, and incrementally for subsequent iterations. To override this optimization in the AP configuration, enable the “Reset AP Configuration at the start of each test case” (page D-15) checkbox. If this checkbox is enabled the APs are configured from scratch for every test. Table 1-2. Autonomous Tests Using the Same or Similar AP Configuration Test Group Test Number EAP Authentication 3.2.2.1 3.2.3.1 4.6.1 4.6.2 5.3.8 LEAP Authentication 1-14 4.4.2 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Selecting Multiple Test Cases for Faster Test Execution Table 1-2. Autonomous Tests Using the Same or Similar AP Configuration Test Group Test Number Open Authentication with Null Encryption 4.3.1 4.3.2 4.3.3 4.3.4 4.3.5 4.4.1 4.8.1 6.2.1.1 6.2.1.2 6.2.2.1 6.2.2.2 6.2.2.3 6.2.2.4 6.2.3.1 6.2.4.1 6.2.4.2 6.2.4.3 6.2.4.4 6.2.4.6 6.2.4.7 AP-Assisted Roaming 4.4.3 CCKM Authentication 4.5.1 5.3.3 6.1.1 6.1.2 6.1.3 6.1.4 6.1.5 6.1.6 6.1.7 6.1.8 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 1-15 Selecting Multiple Test Cases for Faster Test Execution Table 1-2. Autonomous Tests Using the Same or Similar AP Configuration Test Group Test Number Radio Measurement 4.7.1.1 4.7.1.2 4.7.1.3 4.7.1.4 4.7.2.1 4.7.2.2 4.7.3.1 4.7.4.1 4.7.5.1 4.7.5.2 4.7.5.3 EAP-FAST Functionality 5.1.3 5.1.11 5.1.12 5.1.13 5.3.2 EAP FAST with WPA 5.1.6 5.1.7 5.1.8 5.3.7 EAP FAST with Multiple VLANs 5.1.10 EAP-Fast with CCKM and WPA 5.2.4 WMM with Open Authentication 5.3.1 WMM with EAP-FAST Authentication 5.3.6 WPA2 Functionality 5.7.1 5.7.2 5.7.3 5.8.1 5.8.2 5.8.3 1-16 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Selecting Multiple Test Cases for Faster Test Execution Table 1-2. Autonomous Tests Using the Same or Similar AP Configuration Test Group Test Number Open Authentication with Null Encryption 6.11.1 6.11.2 6.12.1 6.13.1 Network Admission Control 6.3.1 6.3.2 6.3.3 6.3.4 6.3.5 SSIDL 6.4.2 6.4.3 Call Admission Control 6.5.1 6.5.2 6.5.3 6.5.4 UAPSD 6.6.1 6.6.2 Traffic Stream Metrics 6.7.1 EAP-FAST Enhancements 6.9.2 MBSSID 6.10.1 6.10.2 6.10.3 6.10.4 6.10.5 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 1-17 Selecting Multiple Test Cases for Faster Test Execution Table 1-3. Unified Tests Using the Same (or Similar) AP Configuration Test Group Test Number EAP Authentication 3.2.5.1 3.2.6.1 4.6.3 4.6.4 5.3.16 Open Authentication with Null Encryption 4.3.6 4.3.7 4.3.8 4.3.9 4.3.10 4.4.2 4.8.2 5.3.9 EAP FAST Functionality 5.1.14 5.1.16 5.1.17 5.1.24 5.1.25 5.1.26 EAP-FAST with Multiple VLANs 5.1.23 EAP-FAST Authentication with CCKM 5.2.10 5.2.11 WMM with EAP-FAST 5.3.12 5.3.15 WPA2 Functionality 5.7.4 5.7.5 5.7.6 5.8.4 5.8.5 5.8.6 1-18 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Reviewing Test Results Table 1-3. Unified Tests Using the Same (or Similar) AP Configuration (Continued) Test Group Test Number Open Authentication with Null Encryption 6.12.2 6.13.2 MBSSID 6.10.6 Reviewing Test Results You can view the test results in two ways: ■ Benchmark GUI — to see test results in the CCX Pre-Certification Benchmark Test GUI, please see “Reviewing Benchmark GUI Test Results” (page 1-19). ■ Azimuth Studio — you can also view, export, authenticate and compare CCX test results in Azimuth Studio. For specific information on viewing these results, please see “Using Azimuth Studio to View, Compare, Import/Export and Authenticate Test Results” (page 1-21). Reviewing Benchmark GUI Test Results The optimal results of the CCX Pre-Certification Benchmark Test will be to achieve a Pass grade for all tests. The results of all CCX Pre-Certification Benchmark Test results are saved in the Azimuth PC directory \data\tests\runDB\CCX. The results are sorted by date and time. An example of the output of the Log tab is presented in Figure 1-5 and Figure 1-6. The various sections of the output in the Log tab include the following: ■ Information - displays the information entered in the Info tab ■ Purpose - displays the stated purpose of the test being performed ■ Test Setup - displays operations performed by the test to set up the client for the test ■ AP Configuration - displays operations performed by the test to set up the AP for the test ■ Test Details - provides information related to other operations being performed (such as configuring the RADIUS server) ■ Pass/Fail/Error Notification - states whether the selected test has passed, failed or if an error has prevented it from finishing ■ Test Complete - notes when the test is finished Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 1-19 Reviewing Benchmark GUI Test Results Information Purpose Test Setup Figure 1-6. Log Tab Output Example (1 of 2) AP Configuration Test Details Pass/Fail/Error Notification Test Complete Figure 1-7. Log Tab Output Example (2 of 2) 1-20 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Using Azimuth Studio to View, Compare, Import/Export and Authenticate Test Using Azimuth Studio to View, Compare, Import/Export and Authenticate Test Results If you have installed a licensed version of Azimuth Studio, you can open Azimuth Studio to view and compare test results from different runs of the CCX Pre-Certification Benchmark Test. You can also export a test run and then import it into another Azimuth Studio server, where it can be authenticated. The test run is authenticated by inserting a digital signature into the output that can be verified by any Azimuth Studio product. To View, Compare, Export/Import and Authenticate Test Results in Azimuth Studio: 1. Open Azimuth DIRECTOR and select the database icon on the main toolbar. The Internet Explorer browser opens and the Azimuth Studio login page appears. 2. Enter your user name and password in the appropriate fields and select [ OK ]. The Quick Search window appears. 3. Select the CCX Unified Tests option in the TEST field. 4. Select the date range in which the tests were run in the FROM and TO fields. The results for each test run of the CCX Pre-Certification Benchmark Test appears in the GUI under the Test Description field (Figure 1-8). Figure 1-8. Example Studio Quick Search Window Showing Test Results Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 1-21 Using Azimuth Studio to View, Compare, Import/Export and Authenticate Test 5. Select the magnifying glass icon in the seconds column adjacent to the test name to view test results from the list. The test report appears as shown in Figure 1-9. Figure 1-9. Example Studio Quick Search Window Showing Test Results All of the same information that is available in separate tabs (like the Log and System Log tabs) of the benchmark GUI is presented in the Azimuth Studio report. In the example in Figure 1-9, note that in the lower portion of the report that there are expandable fields with plus (+) signs adjacent to them. When you select these plus signs with your cursor to expand them, the full content of the field appears as shown in Figure 1-10. 1-22 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Using Azimuth Studio to View, Compare, Import/Export and Authenticate Test Figure 1-10. Example Studio Quick Search Window Showing Test Results 6. To compare two test runs, display the list of test results as explained in step 4. Then select the comparison icon adjacent to two of the appropriate reports in the Compare column. Each time you select the comparison icon, a message appears with wording similar to the following: Adding Test Run 106 to the comparison page. Select [ OK ] to close each message box. 7. Select the Compare Test Runs option. The selected tests to compare display (Figure 1-11). Figure 1-11. Compare Test Runs 8. Select [ Compare Test ]. The two tests appear side-by-side in the comparison report. A portion of a comparison report is shown in Figure 1-12. Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 1-23 Using Azimuth Studio to View, Compare, Import/Export and Authenticate Test Figure 1-12. Example of a Comparison Report 9. Select Quick Search, and then select the magnifying glass icon adjacent to the test run that you want to export (Figure 1-13). The test run you wish to export appears. Note that the example of the test run in Figure 1-13 shows an open lock icon; this indicates that the test run is not authenticated. Export Test Run File Not Authenticated Figure 1-13. Exporting the Test Run 10. Select the Export Test Run icon (Figure 1-13). A message appears to indicate the progress of the export process. Then a message appears similar to that shown in Figure 1-14 to indicate the success of the exportation process. 1-24 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Using Azimuth Studio to View, Compare, Import/Export and Authenticate Test Figure 1-14. Exportation Procedure Progress Message 11. Download the exported file by selecting [ Download ] (see Figure 1-14). A prompt appears asking whether to save or open the file (Figure 1-15). Figure 1-15. Saving the Exported Test Run 12. Select [ Save ]. When prompted, save the file to a temporary location. 13. Copy the file to the Azimuth Studio Server in the following path: \Program Files\Azimuth\Studio\WWW\data\imports If necessary, create any folders on the Azimuth Studio Server that do not exist in the path noted above. Note: Ensure that you save the exported Studio test run to the Azimuth Studio server, not to the client. 14. In the Azimuth Studio main menu, select Administration > Maintenance. The Maintenance menu appears (Figure 1-16). Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 1-25 Using Azimuth Studio to View, Compare, Import/Export and Authenticate Test Figure 1-16. Selecting the File to Import 15. Select the appropriate test run in the Test Run pull-down menu. 16. Select [ Import Test Run Now ]. Messages appear (Figure 1-17) to indicate the progress of the importation operation. Then a message appears to indicate the success of the operation. Figure 1-17. Importation Procedure Progress Messages 17. In the Azimuth Studio main menu, display the test you imported. Note that in the Auth column that there appears an icon of a green locked padlock. This indicates that the imported file was authenticated. This means that the Azimuth Studio has successfully authenticated the imported file. If the padlock is red, it means that the file has failed authentication. 1-26 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Using Azimuth Studio to View, Compare, Import/Export and Authenticate Test Figure 1-18. Authenticated Imported File Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 1-27 Using Azimuth Studio to View, Compare, Import/Export and Authenticate Test 1-28 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Creating and Implementing the ASD Control Library and ASD Control Manager Appendix A Additional Configuration and Setup Information The following sections provide additional configuration and setup information: Creating and Implementing the ASD Control Library and ASD Control Manager To configure the ASD, you may implement either a control library or a control manager using the Tcl programming language. By default, the ASD is configured using the Azimuth CCX ASD library, prompting the user to configure the ASD manually or provide information required for the CCX tests. If you choose to implement a control library for the ASD, you must implement all of the mandatory station SDK functions listed in the Azimuth Library Reference document or the Azimuth AP and ASD Device Library Interface Specification document. You may also implement optional station SDK functions found in the Azimuth AP and ASD Device Library Interface Specification document. Implementing a control library allows you to specify custom parameters, such as a user name and password, to connect to the ASD. The Azimuth CCX ASD library is used for functions that are not implemented by your control manager. Implementing a control manager allows you to automate selected SDK functions based on the capabilities of the ASD. To summarize, the ASD under test is configured in the following manner: 1. If a custom ASD control library is implemented, the custom ASD control library is used for all mandatory station SDK functions. The custom ASD control library is also used for the optional station SDK functions that it implements. The default Azimuth CCX ASD library is used for all other optional station SDK functions. 2. Otherwise, if an ASD control manager is implemented and is selected as the Supplicant in the CCX Benchmark Test GUI, the ASD control manager is used for those station SDK functions that it implements. The default Azimuth CCX ASD library is used for all the other station SDK functions. 3. Otherwise, the default Azimuth CCX ASD library is used for all station SDK functions. Refer to the Azimuth Tcl Command and Scripting Reference document and Azimuth Programmer’s Guide for more information about the Station SDK functions and how to implement a Tcl control library. Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 A-1 Configuring the ASD in the Azimuth Director Device Manager Configuring the ASD in the Azimuth Director Device Manager The ASD Under Test must be connected to RFM 1 Port 1B on the front panel of the Test System. Follow the steps described next to configure the ASD parameters in the Azimuth DIRECTOR’s Device Manager. 1. Select Tools > Connected Devices in the Azimuth DIRECTOR main menu to open the Connected Devices menu. 2. 2. Select [ New ]. The New Device dialog box opens (Figure A-1). Figure A-1. New Device Dialog Box A-2 3. Select the Application Specific Device option from the Device Type pull-down menu. You are now ready to add the ASD to the Azimuth DIRECTOR. 4. Enter the appropriate information in the other fields in the New Device dialog box that pertain to the ASD. If you have not implemented a Control Library for the ASD, leave the Vendor, Model, and Version fields blank. When you are done, select [ OK ]. 5. After the ASD is configured in the Device Manager, you can select it as the Device Under Test in the CCX Test-Bed Setup tab, using the Device Under Test [Browse] button (Figure A-2). Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Configuring the ASD in the Azimuth Director Device Manager Figure A-2. Select Device Dialog Box 6. The CCX Test Selection tab shows the list of tests that can be run using an ASD (Figure A-3). Figure A-3. Test Selection Tab Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 A-3 Installing and Configuring the ACS Installing and Configuring the ACS The following procedure describes how to install and configure the CiscoSecure Access Control Server (ACS) onto the Azimuth DIRECTOR PC or another computer that you want to use as the RADIUS server. Note: CiscoSecure ACS 4.1(1) Build 23 may be installed by upgrading ACS 4.0(1) Build 27. The CCX tests, however, may not function properly if you upgrade CiscoSecure ACS by installing version 4.1(1) Build 23 over other versions. Uninstall these other versions of CiscoSecure ACS before installing the CiscoSecure ACS 4.1(1) Build 23. PREREQUISITES: ■ CiscoSecure ACS (version 4.1(1) Build 23) ■ Internet Explorer 6.0, Service Pack 1 ■ Java Runtime Environment (JRE) (version 1.5 or higher) (download from http://java.com/en/ download/manual.jsp) ■ Pub-Net connection ■ Anti Virus Software must be running Note: Only one CiscoSecure Access Control Server should be running in the network for the CCX Pre-Certification Benchmark Test. Procedure: Installing and Configuring the ACS 1. Run the CiscoSecure ACS installation program on the Azimuth DIRECTOR PC or another computer that you wish to use as the RADIUS server. The Before You Begin dialog box appears (Figure A-4). Figure A-4. Before You Begin Dialog Box A-4 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Installing and Configuring the ACS 2. Select all of the options and select [ Next ]. The Choose Destination Location dialog box appears (Figure A-5). Figure A-5. Choose Destination Location Dialog Box 3. Accept the default destination directory to install the program by Selecting [ Next ]. The Authentication Database Configuration dialog box appears (Figure A-6). Figure A-6. Authentication Database Configuration Dialog Box 4. Select the option Also check the Windows User Database and then select [ Next ]. Selecting this option allows clients to log in using the user name console and password. azimuth without having to explicitly configure the password in the CiscoSecure ACS. Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 A-5 Installing and Configuring the ACS 5. Enter a name for the network access server (NAS). Then enter the appropriate IP address in the Access Server IP Address and Windows Server IP Address fields. In the TACACS+ RADIUS Key field enter azimuth. Then select [ Next ] to advance to the Advanced Options dialog box (Figure A-7). The values in this window allow the CiscoSecure ACS to communicate with a NAS, which is one of the Cisco APs used in the Azimuth CCX benchmark test. (You can enter other NAS definitions later when you run the CiscoSecure ACS software in “Configuring the AAA Client, AAA Server and ACS User” (page A-8)). Figure A-7. Advanced Options Dialog Box 6. Do not select any options; select [ Next ]. The Active Service Monitoring dialog box appears (Figure A-8). Figure A-8. Active Service Monitoring Dialog Box A-6 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Installing and Configuring the ACS 7. Do not select any options; select [ Next ]. At this time the CiscoSecure ACS in installed on the Azimuth DIRECTOR PC. The password dialog box appears (Figure A-9). Figure A-9. Password Dialog Box 8. Enter a new password in the two text boxes. The CicsoSecure ACS Service Initiation dialog box appears (Figure A-10). Figure A-10. CicsoSecure ACS Service Initiation Dialog Box Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 A-7 Installing and Configuring the ACS 9. If you want the CiscoSecure ACS to run following installation, select the option to start the ACS now. If you want to set up users, groups, and NASs for the ACS following this installation, select the option to launch CiscoSecure ACS Administrator. If you want to read the release notes for the ACS, then select the Readme file option. After you select the options that you desire, select [ Next ]. Configuring the AAA Client, AAA Server and ACS User The following procedure describes how to do the following: ■ ■ ■ Configure each AP as an AAA client Configure the AAA server Configure an ACS user on the ACS server using the CiscoSecure ACS software PREREQUISITES: ■ Install and run the CiscoSecure ACS as described in “Installing and Configuring the ACS” (page A-4). Procedure: Configuring the AAA Client, Server and ACS User 1. Open the CiscoSecure ACS Administrator by selecting the ACS Admin icon on the RADIUS Server desktop. 2. Select [ Network Configuration ]. The Network Configuration window appears (Figure A-11). When you first open the Network Configuration window, the AAA client hostname you defined during the software installation appears. Figure A-11. Network Configuration Window A-8 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Installing and Configuring the ACS 3. Select [ Add Entry ] that appears below the AAA Clients list. The AAA Client Setup window appears (Figure A-12). Figure A-12. AAA Client Setup Window 4. Enter the IP address of the AP you are designating as an AAA client in the AAA Client IP Address field. 5. Enter the shared secret for the AAA client in the Key field. The shared secret is the same field value that is configured in the Radius Setup tab of the Azimuth CCX Pre-Certification Benchmark Test (see Radius Shared Secret in Table 1.) 6. Select RADIUS (Cisco Aironet) for the Authenticate Using option. 7. Select [ Submit + Restart ]. The CiscoSecure ACS Administrator displays the Network Configuration window refreshed with the new entry appearing in the list of AAA client hostnames (see example in Figure A-13). Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 A-9 Installing and Configuring the ACS Figure A-13. Updated AAA Client Hostname List 8. Select [ Add Entry ] that appears below the AAA Servers list. The Add AAA Server window appears (Figure A-14). Figure A-14. Add AAA Server Window 9. Enter Director as the name of the RADIUS server in the AAA Server Name field. 10. Enter the IP address of the RADIUS server you are designating as an AAA server in the AAA Server IP Address field. 11. Enter the shared secret for the RADIUS server in the Key field. The shared secret is the same field value that is configured in the RADIUS Setup tab of the Azimuth CCX Pre-Certification Benchmark Test (see Radius Shared Secret in Table 1.) A-10 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Installing and Configuring the ACS 12. Select RADIUS (Cisco Aironet) for the Authenticate Using option. 13. Select [ Submit + Restart ]. The CiscoSecure ACS Administrator displays the Network Configuration window refreshed with the new entry appearing in the list of AAA client hostnames (see example in Figure A-15). Figure A-15. Updated AAA Servers Window 14. When you installed the CiscoSecure ACS software, the user console was added to the system. To configure additional users, select [ User Setup ]; the User Setup window appears (Figure A-16). You can also edit the settings for existing users by selecting [ User Setup ]. Figure A-16. User Setup Window 15. Enter the name of the user you want to edit or create and select [ Add/Edit ]; the user configuration window for the created or existing user appears (Figure A-17). Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 A-11 Installing and Configuring the ACS Figure A-17. User Configuration Window 16. In the User Setup area of the window, select the CiscoSecure Database option for the Password Authentication pull-down parameter. 17. The default password for the STM and the Azimuth DIRECTOR is azimuth. Azimuth Systems recommends that you use the password azimuth for the main user (console). (Asterisks are displayed in place of the password entered.) 18. Select [ Submit ] to accept the changes to the user name. 19. To use certificates supplied with the Azimuth Systems CCX Benchmark Test for PEAP and TLS authentication, perform the steps detailed in “Importing Azimuth Certificates for PEAP/TLS Authentication” (page A-13) before proceeding to step 20. 20. To configure the global authentication setup, select [ System Configuration ] and select all of the parameters shown in Figure A-18. When you are done, select [ Submit + Restart ]. A-12 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Installing and Configuring the ACS Figure A-18. Global Authentication Setup Importing Azimuth Certificates for PEAP/TLS Authentication Certificates are supplied with the Azimuth Systems CCX Benchmark Test for PEAP and TLS authentication. The certificate files are located on the Azimuth DIRECTOR in /data/tests/CCX/certificates. The following procedure describes how to import the certificates. 1. Create the directory certs on the root of the drive of the ACS server machine. 2. Copy the following Azimuth-provided files to C:\certs: acsServerCertificate.pfx azimuthCCXBenchRootCA.cer 3. On ACS Server select [ Start ] > Run, and enter mmc in the Run dialog box to open the Microsoft Management Console (MMC) Console1 explorer window (see Figure A-19). Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 A-13 Installing and Configuring the ACS Figure A-19. MMC Console1 Explorer Window 4. Select File > Add/Remove Snap-in in the Microsoft Management Console window. The Add/ Remove Snap-in window opens. Figure A-20. Add Remove Snap-In Dialog Box 5. A-14 Select [ Add ]. The Add Standalone Snap-in dialog box opens (see Figure A-21). Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Installing and Configuring the ACS Figure A-21. Add Standalone Snap-In Dialog Box 6. Highlight Certificates, and then select [ Add ]. The Certificates snap-in dialog box opens (see Figure A-22). Figure A-22. Certificates Snap-In Dialog Box 7. Select Computer account and then select [ Next ]. The Select Computer dialog box opens (see Figure A-23). Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 A-15 Installing and Configuring the ACS Figure A-23. Select Computer Dialog Box 8. Select the Local computer option, and then select [ Finish ]. The Select Computer dialog box closes. 9. Select [ Close ] to close the Add Standalone Snap-in window. You can see the added entry “Certificates” in the Add/Remove Snap-in window. Figure A-24. New Certificate Entry in the Add/Remove Snap-in Dialog Box 10. Select [ OK ] to close the Add/Remove Snap-in window. 11. In the MMC Console1 explorer window, navigate to Certificates > Personal > All Tasks and left- Select Import (see Figure A-25). The Certificate Import Wizard dialog box opens (see Figure A-26). A-16 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Installing and Configuring the ACS Figure A-25. Importing the Certificate Figure A-26. Certificate Import Wizard Dialog Box 12. Select [ Browse ] and navigate to C:\certs\acsServerCertificate.pfx, and select [ Next ]. 13. Enter the password azimuth in the Password field, and select the field Mark the private key as exportable field (see Figure A-27). Then select [ Next ]. Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 A-17 Installing and Configuring the ACS Figure A-27. Certificate Import Wizard Dialog Box 14. Select the option Place all certificates in the following store, and then select [ Next ] (see Figure A-28). A dialog box appears to verify completion of the certificate importation process. You have successfully installed the following certificate: acsserver.azimuth.local. Figure A-28. Certificate Store Dialog Box 15. Select [ Finish ] to close the wizard completion dialog box. Close any other dialog boxes that appear to indicate successful certificate importation. 16. Navigate to the Certificates > Trusted Root Certificate Authorities > Certificates > All Tasks and left-click Import. 17. Navigate to the path C:\certs\azimuthCCXBenchRootCA.cer and select [ Next ]. 18. Select [ Next ]. 19. Select [ Finish ]. The Azimuth CCX Benchmark Root Certificate Authority (CA) has now been installed; this is the issuing root certificate authority of the client certificate (console_clientCertificate.pfx). A-18 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Installing and Configuring the ACS 20. To ensure that the ACS server trusts client certificates created by Azimuth CCX Benchmark Root CA, you must install the issuing root certificate authority on the ACS server and then configure the ACS server to add this authority to its trusted list of certificate authorities. You can do this by doing the following: a. Open a web browser and navigate to the ACS server by entering the following URL: http://ACS-ip-address:2002/ where ACS-ip-address is the IP address of the ACS server. b. Select System Configuration. c. Select ACS Certificate Setup. d. Select Install ACS Certificate. e. Select the Use certificate from storage option. f. Enter the following certificate name in the Certificate CN field: acsserver.azimuth.local g. Select [ Submit ]. h. Select System Configuration > ACS Certificate Setup. i. Select the following link (found on the right side of the panel): Edit the Certificate Trust List. j. Select all check boxes that correspond to CAs that the ACS server should trust, (including Azimuth CCX Benchmark Root CA) (see Figure A-29). Figure A-29. Certificate Store Dialog Box k. Select [ Submit ]. 21. Navigate to the main admin page of the ACS server web pages. 22. Select System Configuration, and then select Service Control. Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 A-19 Installing and Configuring the ACS 23. Select Restart to restart the ACS service. Note: Install the console_clientCertificate.pfx client certificate on each client station by copying the file to each client station and then double-clicking the file to initiate the Windows Certificate Import Wizard. During that installation process, use the password azimuth and check the Mark keys as exportable option. Configuring the ACS for Network Admission Control (NAC) The following procedure describes how to configure the ACS to do the following: ■ Configure a Network Access Filter and RADIUS Authorization Components. ■ Configure a Posture Validation Policy. ■ Configure a Network Access Profile. ■ Enable Client Posture Validation and Assessment Logging. PREREQUISITES: ■ Install and run the CiscoSecure ACS as described in “Installing and Configuring the ACS” (page A-4). Configuring the ACS for Network Admission Control (NAC): 1. Copy the file new_avps.ini from the Azimuth DIRECTOR (\data\tests\CCX\NAC) to the ACS server (\Program Files\CiscoSecure ACS v4.0\bin\). 2. Open a command window and enter the following command: csutil -addAVP new_avps.ini Messages appear to notify you that the new attributes were added to the database. Follow the onscreen instructions and restart the ACS computer. A-20 3. Open the CiscoSecure ACS Administrator by selecting the ACS Admin icon on the RADIUS Server desktop. 4. From the ACS main menu, select [ Interface Configuration ]. The Interface Configuration window appears (Figure A-30). Select RADIUS (IETF). Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Installing and Configuring the ACS Figure A-30. Interface Configuration Window 5. Scroll down and ensure that [064] Tunnel Type, [065] Tunnel-Medium-Type and [081] TunnelPrivate-Group-ID are selected (Figure A-31). Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 A-21 Installing and Configuring the ACS Figure A-31. RADIUS (IETF) Interface Configuration Window 6. A-22 From the ACS main menu, select [ Shared Profile Components ]. The Shared Profile Components window appears (Figure A-32). Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Installing and Configuring the ACS Figure A-32. Shared Profile Components Window 7. Select Network Access Filtering and click Add to create a filter. The Network Access Filtering window appears (Figure A-33). Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 A-23 Installing and Configuring the ACS Figure A-33. Network Access Filtering Window A-24 8. Provide a name for the filter. Select the network devices listed and using the arrow button, move all of the devices to the Selected Items field. You will notice that the devices listed are the APs that you have already configured as AAA clients. 9. Click [ Submit ] to add the filter. This Network Access Filter (Figure A-34) will be used later during the creation of the Access Service and will define the devices to which the Access Service applies. Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Installing and Configuring the ACS Figure A-34. Network Access Filter Window 10. Return to the Shared Profile Components menu. Select RADIUS Authorization Components and click the [ Add ] button. The RADIUS Authorization Components window appears (Figure A-35). 11. Provide a name. A different RAC will be created for each of the three VLANs that are required for the Network Admission Control tests, so the name should be descriptive enough to identify which VLAN is being assigned. We will first create a RAC for VLAN 1 that will include Windows 2000 clients. 12. From the drop-down menu in the IETF field, select Tunnel-Type (64) and click [ Add ]. Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 A-25 Installing and Configuring the ACS Figure A-35. RADIUS Authorization Components Window 13. The RAC Attribute Add/Edit page appears (Figure A-36). In the Value drop-down menu, select VLAN (13) and then click [ Submit ]. Figure A-36. RAC Attribute Add/Edit – Tunnel-Type Window A-26 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Installing and Configuring the ACS 14. Add a second attribute using the IETF drop-down menu again. Select Tunnel-Medium-Type (65) and click [ Add ]. In the Value drop-down menu on the RAC Attribute Add/Edit page (Figure A-37), select 802 (6) and then click [ Submit ]. Figure A-37. RAC Attribute Add/Edit – Tunnel-Medium-Type Window 15. Add a third attribute using the IETF drop-down menu again. Select Tunnel-Private-Group (81) and click [ Add ]. In the Value field on the RAC Attribute Add/Edit page (Figure A-38), enter 1 as the VLAN Number and then click [ Submit ]. Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 A-27 Installing and Configuring the ACS Figure A-38. RAC Attribute Add/Edit – Tunnel-Private-Group-ID for VLAN 1 Window 16. Repeat steps 10 through 15 to create a second RAC for VLAN 2 that will include Windows XP clients. When adding the Tunnel-Private-Group-ID (81) (Figure A-39), enter 2 as the VLAN Number. Figure A-39. RAC Attribute Add/Edit – Tunnel-Private-Group-ID for VLAN 2 Window A-28 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Installing and Configuring the ACS 17. Repeat steps Figure A-41 through 13 to create a third RAC for VLAN 3 that will include clients with a changed posture. When adding the Tunnel-Private-Group-ID (81) (Figure A-40), enter 3 as the VLAN Number. Figure A-40. RAC Attribute Add/Edit – Tunnel-Private-Group-ID for VLAN 3 Window 18. The Radius Authorization Components window (Figure A-41) displays the three RACs you have created in steps 10 through 17. Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 A-29 Installing and Configuring the ACS Figure A-41. RACs for CCX Testing 19. From the ACS main menu, select [ Posture Validation ]. The Posture Validation Components Setup window appears (Figure A-42). Select Internal Posture Validation Setup. Figure A-42. Posture Validation Components Setup Window 20. The Posture Validation Policies window appears (Figure A-43). Select the [ Add Policy ] button. A-30 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Installing and Configuring the ACS Figure A-43. Posture Validation Policies Window 21. The Posture Validation Policy window appears (Figure A-44). Input a name for the policy, and select [ Submit ]. Figure A-44. Posture Validation Policy Window 22. In the Edit Posture Validation Rules window (Figure A-45), add a rule for Windows 2000 clients by clicking the [ Add Rule ] button. Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 A-31 Installing and Configuring the ACS Figure A-45. Posture Validation Rules Window 23. The Edit Posture Validation Rule window appears (Figure Figure A-46). In the Posture Assessment section, select Cisco:PA as the Credential and Healthy as the System Posture Token from the drop-down boxes. Enter a descriptive notification string. Select [ Add Condition Set ]. Figure A-46. Posture Validation Rule Window 24. The Add/Edit Condition window appears (Figure A-47). In the Attribute drop-down box, select Cisco:PA:OS-Type. In the Operator drop-down box, select contains. In the Value field, enter Windows 2000. Click enter and then [ Submit ]. A-32 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Installing and Configuring the ACS Figure A-47. Add/Edit Condition for Windows 2000 Clients 25. Click [ Submit ] in the Posture Validation Rule window (Figure A-48) to complete the rule addition. Figure A-48. Posture Validation Rule for Windows 2000 Clients Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 A-33 Installing and Configuring the ACS 26. Repeat steps 22 through 25 to add a second Posture Validation Rule for Windows XP clients. In the Posture Assessment section in the Edit Posture Validation Rule window, select Cisco:PA as the Credential and Quarantine as the System Posture Token from the drop-down boxes. In the Attribute drop-down box in the Add/Edit Condition window (Figure A-49), select Cisco:PA:OSType. In the Operator drop-down box, select contains. In the Value field, enter Windows XP. Figure A-49. Add/Edit Condition for Windows XP Clients 27. Repeat steps 22 through 25 to add a third Posture Validation Rule for clients with a changed posture. In the Posture Assessment section in the Edit Posture Validation Rule window, select Cisco:PA as the Credential and Infected as the System Posture Token from the drop-down boxes. In the Attribute drop-down box in the Add/Edit Condition window (Figure A-50), select Cisco:Script-001:Script-Name. In the Operator drop-down box, select !=. In the Value field, enter: Script “posture_file_01” A-34 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Installing and Configuring the ACS Figure A-50. Add/Edit Condition for Clients with a Changed Posture 28. The Posture Validation Rules window (Figure A-51) displays the three rules you have added to the NAC-TEST policy. Use the Up and Down buttons to move the Cisco:Script-001:Script-Name != Script “posture_file_01” rule to the top of the list. Click the [ Done ]. Figure A-51. Posture Validation Rules for CCX Testing Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 A-35 Installing and Configuring the ACS 29. The Posture Validation Policies window (Figure A-52) displays the three rules you have added to the NAC-TEST policy. Click the [ Apply and Restart ] button to complete the local posture policy addition. Figure A-52. Posture Validation Policy for CCX Testing 30. From the ACS main menu, click [ Network Access Profiles ]. The Network Access Profile window displays (Figure A-53). Figure A-53. Network Access Profile Window A-36 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Installing and Configuring the ACS 31. Click [ Add Profile ]. The Profile Setup window displays (Figure A-54). 32. Enter a name for the profile. Note: You also need to enter this profile name in the RADIUS Setup Tab in the Azimuth CCX Benchmark Test GUI so that the profile can be activated and deactivated automatically. Figure A-54. Profile Setup Window Note: Leave the Active box unchecked to disable NAC. NAC should be disabled for all CCX tests except the CCXv4, Section 5 (Network Admission Control) tests. The test script automatically enables and disables NAC as required when the NAC tests are run. 33. Select the NAF that includes the AP devices from the Network Access Filter (NAF) drop-down menu and click [ Submit ]. 34. In the Network Access Profiles window (Figure A-55), click Protocol. The Authentication Settings window displays (Figure A-56). Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 A-37 Installing and Configuring the ACS Figure A-55. Network Access Profile for CCX Testing A-38 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Installing and Configuring the ACS Figure A-56. Authentication Settings Window 35. Click Populate from Global and verify that the authentication settings are configured as they were in the global authentication settings. 36. Scroll down to the EAP-FAST Authentication Settings section (Figure A-57). Set Posture Validation to None and click [ Submit ]. Note: Posture Validation should be disabled for all CCX tests, except CCXv4 Section 5 (Network Admission Control) tests. The test script automatically enables and disables Posture Validation as required when the NAC tests are run. Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 A-39 Installing and Configuring the ACS Figure A-57. Authentication Settings – EAP-FAST Window 37. In the Network Access Profiles window (Figure A-55), click Authentication and, depending on the database option selected during installation, add ACS Internal Database or Windows Database (Figure A-58). Figure A-58. Add Database A-40 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Installing and Configuring the ACS 38. In the Network Access Profiles window (Figure A-55), click Posture Validation. The Posture Validation Rules window displays (Figure A-59). Click [ Add Rule ]. Figure A-59. Posture Validation Window 39. The Posture Validation Rule window displays (Figure A-60). Provide a name for the posture validation rule. Add Cisco:PA and Cisco:Script-001 to the list of Selected Credentials. Figure A-60. Posture Validation Rule Window Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 A-41 Installing and Configuring the ACS 40. Scroll down and select the Internal Posture Validation Policy that you created previously (Figure A-61). Figure A-61. Posture Validation Rule – Internal Posture Validation Policy Window 41. Scroll down and add descriptive PA Messages in the Assessment Result Configuration section (Figure A-62). Click [ Submit ]. A-42 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Installing and Configuring the ACS Figure A-62. Posture Validation Rule – Assessment Result Configuration Window 42. Click [ Done ] to complete the Posture Validation configuration in the Network Access Profile (Figure A-63). Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 A-43 Installing and Configuring the ACS Figure A-63. Posture Validation Rule for CCX Testing 43. In the Network Access Profiles window (Figure A-52), select Authorization. The Authorization window appears (Figure A-64). Select [ Add Rule ]. Figure A-64. Authorization Rules Window A-44 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Installing and Configuring the ACS 44. The Authorization Rules window appears (Figure A-65). Figure A-65. Authorization Rules for CCX Testing Window 45. To add the first authorization rule, select 0:Default Group as the User Group, Healthy as the Assessment Result, and Healthy as the Shared RAC. 46. To add the second authorization rule, click [ Add Rule ] and select 0:Default Group as the User Group, Quarantine as the Assessment Result, and Quarantine as the Shared RAC. 47. To add the third authorization rule, click [ Add Rule ] and select 0:Default Group as the User Group, Infected as the Assessment Result, and Infected as the Shared RAC. 48. Select Deny Access if a condition is not defined or there is no matched condition. 49. Click [ Submit ]. 50. From the ACS main menu, select [ System Configuration ]. The System Configuration window appears (Figure A-66). Select Logging. Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 A-45 Installing and Configuring the ACS Figure A-66. System Configuration Window 51. The Logging Configuration window displays (Figure A-67). Select CSV Passed Authentications. Figure A-67. Logging Configuration Window 52. The CSV Passed Authentications File Configuration window appears (Figure A-68). Enable the Log to CSV Passed Authentications report. Add the following additional attributes to the Logged Attributes list: A-46 ❏ EAP Type ❏ Shared RAC ❏ System-Posture-Token Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Installing and Configuring the ACS ❏ Cisco:PA:OS-Type (since this is the information our policy requests from the client) ❏ Reason Figure A-68. CSV Passes Authentications Logging Configuration Window 53. Select [ Submit ] to save the changes. 54. Repeat steps 51 through 53 for CSV Failed Attempts. After the ACS has been configured for Network Admission Control, reboot the ACS server to ensure that all configuration updates have taken effect. The ACS server should then be ready to authenticate and validate the posture for NAC enabled clients. Configuring the ACS for Automated Control The following procedure describes how to add an administrator user in the ACS so that the following tasks can be performed automatically on the ACS during CCXv4 testing: ■ ■ ■ ■ Activate or de-activate Network Admission Control (NAC). Allow or deny network access based on the Client Posture Assessment. Verify that the Client Posture is transmitted correctly during NAC. Set the Inner Authentication method, such as EAP-GTC, to be used with EAP-FAST and PEAP authentication. Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 A-47 Installing and Configuring the ACS Note: You must close all Web browser windows that may be opened to the ACS server before running the CCXv4 tests. PREREQUISITES: ■ Install and run the CiscoSecure ACS as described in “Installing and Configuring the ACS” (page A-4). ■ Install the Java Runtime Environment (JRE) (version 1.5 or higher) on the Azimuth DIRECTOR (download from http://java.com/en/download/manual.jsp) Configuring the ACS for Automated Control: 1. Open the CiscoSecure ACS Administrator by selecting the ACS Admin icon on the RADIUS Server desktop. 2. From the ACS main menu, select [ Administrator Control ]. The Administration Control window appears (see Figure A-69). Figure A-69. Administration Control Window 3. A-48 Select [ Add Administrator ]. The Add Administrator window appears (see Figure A-70). Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Installing and Configuring the ACS Figure A-70. Add Administrator Window 4. Enter the administrator name. 5. Enter the password and re-enter it to confirm. 6. To control ACS automatically, you will need to enter the administrator name and password in the ACS Username and ACS Password fields in the RADIUS Setup Tab in the Azimuth CCX Benchmark Test GUI. 7. Select Grant All to grant unrestricted privileges to the user you are creating (see Figure A-71). Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 A-49 Upgrading the Cisco AP Figure A-71. Granting Unrestricted Privileges 8. Select [ Submit ] when done. Upgrading the Cisco AP The following procedure describes how to properly upgrade the Cisco APs in the Azimuth Systems CCX Benchmark test bed. This procedure describes how to properly copy the Cisco upgrade file to the AP, free up space on the AP if there is not enough room for the upgrade, and how to install the AP software upgrade. Note: The Cisco Aironet interface may not allow the transfer of the Cisco AP upgrade file. Please follow the instructions provided in this subsection to upgrade the Cisco AP. Upgrading the Cisco AP in the Test Bed: 1. Obtain the Cisco AP upgrade from the Cisco Systems web site. 2. Copy the Cisco AP upgrade file to the following path on the Azimuth DIRECTOR PC: c:/TFTPBOOT/ 3. A-50 Open a Telnet session between the Azimuth DIRECTOR and the Cisco AP and transfer the upgrade file to the AP by doing the following: Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Configuring FTP a. In Windows, select Start > Run and enter the following in the Run dialog box: telnet n.n.n.n where n.n.n.n is the AP IP address. b. At the Telnet prompt, log in using Cisco as both the user name and password. c. At the AP’s CLI prompt, enter the enable password Cisco. d. Ensure that there is enough room in the AP flash directory by typing show flash in the AP CLI interface. e. If there is not enough free space to copy the upgrade software to the AP flash directory, delete unnecessary files. For example, consider deleting crash log files, which take up the most space and are often unnecessary after debugging problems with the AP. f. To delete files in the Cisco flash directory, enter the following (where filename is the name of the file you want to delete): del /force flash:<filename> 4. To copy the AP software upgrade from the Azimuth DIRECTOR to the AP flash directory and then install the upgrade, type the following (where 192.168.1.128 is the AP’s IP address and c1200-k9w7-tar.123-2.JA2.tar is the name of the AP upgrade file): archive download-sw /overwrite/reload tftp://192.168.1.128/c1200k9w7-tar.123-2.JA2.tar 5. When the new AP software upgrade has been copied and installed, the Cisco Aironet interface shows a diagnostic screen. You must either reload the AP by typing reload in the Telnet session or you must power cycle the AP. Configuring FTP FTP is automatically enabled on the Azimuth DIRECTOR. In the event that FTP is not enabled, use the following procedure to do so. 1. Select Windows Start > Settings > Control Panel. The Control Panel window opens. 2. Double-click Administrative Tools in the Control Panel. The Administrative Tools window opens. 3. Double-click Internet Services Manager in the Administrative Tools window. Internet Information Services window opens. 4. Double-click director to expand the explorer tree in the left pane. The Azimuth Director FTP Server option appears in the tree (Figure A-72). Figure A-72. Internet Services Manager Window Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 A-51 Configuring FTP 5. Right-click Azimuth Director FTP Server and select Properties in the pop-up menu. The Azimuth Director FTP Server Properties window opens (Figure A-73). Figure A-73. Azimuth DIRECTOR FTP Server Properties Window 6. Select the FTP Site tab. 7. Select the All Unassigned pull-down option for the IP address field. 8. Select [ OK ]. The Azimuth Director FTP Server Properties window closes. 9. Close the Internet Information Services window. 10. Right-click the My Computer icon on the desktop and select the Manage option. The Computer Management window opens. 11. Double-click Services and Applications in the left pane of the Computer Management window. 12. Select the Services in the explorer tree in the left pane of the Computer Management window. 13. Right-click the FTP Server option in the right pane and select the Stop option. 14. Right-click the FTP Server option in the right pane and select the Restart option. A-52 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Configuring TFTP Configuring TFTP TFTP is automatically enabled on the following Azimuth DIRECTOR Test-Net subnet addresses: ■ ■ ■ 192.168.1.0 192.168.3.0 192.168.4.0 Note: The size of the subnet mask for each of these three subnet addresses is 24 bits. If the IP address of the DUT does not belong to one of these subnets, then you will have to manually configure TFTP; TFTP is used to transfer RM request files from the Azimuth DIRETOR to the APs. The following procedure describes how to enable TFTP on the Azimuth DIRECTOR Test-Net interface using the 3Com TFTP configuration utility. 1. In the Windows menu select Start > Settings > Control Panel. 2. Double-click 3COM TFTP. 3. Select the Network Card tab. 4. Select all the addresses configured on the Test-Net interface (192.168.1.1, 192.168.2.1, 192.168.3.1, 192.168.4.1) as shown in Figure A-74. Figure A-74. File Transfer Tab in the 3Com TFTP Window Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 A-53 Configuring the Cisco 4400 Controller 5. Restart the TFTP service using [ Stop ] and [ Start ] in the 3Com TFTP Service tab (Figure A-75). Figure A-75. Service Tab in the 3Com TFTP Window Configuring the Cisco 4400 Controller Before using the Cisco 4400 Controller for running CCX tests, follow the next series of steps to initialize the Controller. 1. Use a serial cable and an application such as Windows Hyperterminal to open a console connection into the Controller. In the details presented after step 2: a. The console output of the Controller is shown in blue. b. The text that you need to type is shown in red. c. '(Cisco Controller) >' is the Controller prompt. d. Lines beginning with '####' are comments. 2. If the Controller Configuration is set to Factory Defaults, you can skip to the next step and configure the Controller using the "Cisco Wizard Configuration Tool." Otherwise, reset the Controller to Factory defaults as shown below. (Cisco Controller) >reset system The system has unsaved changes. Would you like to save them now? (y/n) y Configuration Saved! System will now restart! ...... Enter User Name (or 'Recover-Config' this one-time only to reset configuration to factory defaults) A-54 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Configuring the Cisco 4400 Controller User: Recover-Config Initiating system recovery process... please wait Rebooting system ....... 3. Configure the Controller using the "Cisco Wizard Configuration Tool" as shown below: Welcome to the Cisco Wizard Configuration Tool Use the '-' character to backup System Name [Cisco_40:f0:43]: #### Press <ENTER> to accept the default System Name. Enter Administrative User Name (24 characters max): admin #### Enter a user name that you can use to telnet into the Controller. #### You must enter this username as the "WLC Username" in the Options Setup tab in the Azimuth CCX Benchmark Test GUI. Enter Administrative Password (24 characters max): admin #### Enter a password that you can use to telnet into the Controller. #### You must enter this password as the "WLC Password" in the Options Setup tab in the Azimuth CCX Benchmark Test GUI. Service Interface IP Address Configuration [none][DHCP]: #### Press <ENTER> to accept the default DHCP setting. Enable Link Aggregation (LAG) [yes][NO]: #### Press <ENTER> to accept the default NO setting. Management Interface IP Address: 192.168.1.189 #### Enter an IP address in the same sub-net as the Test-Net. #### You must enter this IP address while adding a Light-weight AP in the DIRECTOR's "Connected Devices" Tool. Management Interface Netmask: 255.255.255.0 #### Enter the same sub-net as the Test-Net. Management Interface Default Router: 192.168.1.1 ### Enter the DIRECTOR Test-Net IP as the Default Router. Management Interface VLAN Identifier (0 = untagged): #### Press <ENTER> to accept the default 0 setting. Management Interface Port Num [1 to 2]: 1 #### Enter the Controller port number that is connected to the Test-Net Management Interface DHCP Server IP Address: 192.168.1.1 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 A-55 Configuring the Cisco 4400 Controller ### Enter the DIRECTOR Test-Net IP as the DHCP Server. AP Transport Mode [layer2][LAYER3]: #### Press <ENTER> to accept the default LAYER3 setting. AP Manager Interface IP Address: 192.168.1.249 #### Enter another IP address in the same sub-net as the Test-Net. AP-Manager is on Management subnet, using same values AP Manager Interface DHCP Server (192.168.1.1): #### Press <ENTER> to accept the default setting. Virtual Gateway IP Address: 1.1.1.1 #### Enter an IP address that does not exist Mobility/RF Group Name: Lab #### Enter any name Network Name (SSID): CCX1 #### Enter any name Allow Static IP Addresses [YES][no]: #### Press <ENTER> to accept the default YES setting. Configure a RADIUS Server now? [YES][no]: no #### Enter 'no' to skip RADIUS Server configuration. Warning! The default WLAN security policy requires a RADIUS server. Please see documentation for more details. Enter Country Code (enter 'help' for a list of countries) [US]: #### Press <ENTER> to accept the default US setting. Enable 802.11b Network [YES][no]: #### Press <ENTER> to accept the default YES setting. Enable 802.11a Network [YES][no]: #### Press <ENTER> to accept the default YES setting. Enable 802.11g Network [YES][no]: #### Press <ENTER> to accept the default YES setting. Enable Auto-RF [YES][no]: #### Press <ENTER> to accept the default YES setting. Configuration saved! Resetting system with new configuration... A-56 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Configuring WLSE 4. When the Controller boots up, login to enable telnet and web access as shown below: User: admin Password:***** #### Enable telnet access (Cisco Controller) >config network telnet enable #### Enable Web Browser access (Cisco Controller) >config network webmode enable (Cisco Controller) > Note: The 4400 Controller supports a maximum of 5 simultaneous telnet connections. Ensure that there are no more than 4 telnet connections open to the 4400 Controller before running any test. Configuring WLSE Note: This section describes configuration of the WLSE version 2.9. Configuration of higher versions of WLSE may vary slightly. The following subsections describe how to configure the Cisco Wireless LAN Solution Engine (WLSE) for use with in the CCX benchmark test for tests 4.7.5.2, WLSE Testing: Multiple RM Requests — Radio Monitoring and 4.7.5.3, WLSE Testing: Multiple RM Requests — Client Walkabout. ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ “Connecting the WLSE to the Network” (page A-58) “AP Discovery” (page A-58) “Specifying WLCCP Credentials for the WDS” (page A-59) “Running the Discovery Wizard to Seed Devices” (page A-59) “Viewing Discovery Logs” (page A-62) “Managing and Unmanaging devices” (page A-62) “Deleting RM Measurements” (page A-63) “Radio Monitoring” (page A-65) “Displaying Faults to Verify Rogue AP Detection” (page A-68) “Client Walkabout” (page A-68) “Creating a New Client Walkabout” (page A-68) “Running a Client Walkabout” (page A-72) “Radio Parameter Generation” (page A-73) Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 A-57 Configuring WLSE Reference the following Cisco documents for detailed information: ■ ■ User Guide for the Cisco Works Wireless LAN Solution Engine (part number 78-16193.01) Installation and Configuration Guide for the CiscoWorks Wireless LAN Solution Engine (part number 78-16345-01) Connecting the WLSE to the Network This subsection describes how to connect the WLSE to the physical test configuration. Note: Remember to configure the Azimuth DIRECTOR PC (192.168.1.1) as the default gateway (as shown in step 3 in the following procedure). Otherwise, you may not be able to log on to the WLSE using a web browser. Connecting the WLSE: 1. Connect the WLSE to Test-Net so that it can communicate with the Access Points used in the CCX Tests. You can connect either of the two Ethernet ports on the WLSE to the Test-Net switch. 2. Connect a monitor and keyboard to the WLSE, and log-on to it using the user name admin. 3. Configure an appropriate IP address in the Test-Net subnet on the WLSE interface that is connected to Test-Net. For example, if the WLSE is connected to Test-Net using the eth0 interface and you wish to configure the address 192.168.1.200 on the eth0 interface, use the following command on the WLSE CLI: interface eth0 192.168.1.200 255.255.255.0 default-gateway 192.168.1.1 4. Enter the WLSE IP address in the CCX GUI, in the Test-Bed Setup tab. 5. To use a browser from the Azimuth DIRECTOR PC to configure the WLSE, log-on to the WLSE and enable the http-server from the command line using the following commands: http-server accept 192.168.1.1 255.255.255.0 To use port 80 for HTTP access instead of the default port 1741: http-server port 80 AP Discovery When running tests 4.7.5.2, WLSE Testing: Multiple RM Requests — Radio Monitoring and 4.7.5.3, WLSE Testing: Multiple RM Requests — Client Walkabout, you will be prompted to select some APs as managed by the WLSE. Run the Discovery Wizard on the WLSE, as described in the User Guide for the CiscoWorks Wireless LAN Solution Engine, and then select one or more APs as a Managed Device, as described in that guide. You need to run the Discovery Wizard only if the APs are not already discovered by the WLSE. A-58 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Configuring WLSE Specifying WLCCP Credentials for the WDS This subsection describes how to specify the Wireless LAN Context Control Protocol (WLCCP) RADIUS credentials for the Wireless Domain Service (WDS). See the User Guide for the CiscoWorks Wireless LAN Solution Engine for more details. 1. Log on to WLSE using your web browser. 2. Select Devices > Discover > Device Credentials > WLCCP Credentials. 3. In the Radius Username and Radius Password fields, enter the user name console and password azimuth. This is the same access information you entered in the RADIUS Setup tab of the CCX GUI (see Figure A-76). Figure A-76. Specifying RADIUS User Name and Password 4. To modify the WLCCP credentials, change the fields as needed. 5. To save the credentials, select Save. Running the Discovery Wizard to Seed Devices This subsection describes how to add seed devices in the WLSE. 1. Log on to WLSE using your web browser. 2. Select Devices > Discover > Discover > Discovery Wizard. 3. Select the Automatic Device Discovery based on Cisco Discovery Protocol discovery option (see Figure A-77). Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 A-59 Configuring WLSE Figure A-77. Running the Discovery Wizard 4. Select Next. 5. Select Run Now for the Type of CDP Discovery option (see Figure A-78). Figure A-78. Starting CDP Discovery A-60 6. Select Next to continue. 7. Enter the SNMP community string. This should match the SNMP Community string configured in the CCX Tests GUI in the AP/Radius/WLSE Setup tab (see Figure A-79). Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Configuring WLSE Figure A-79. Entering the SNMP Community String 8. Select Next. 9. Add seed devices by entering comma-separated IP addresses of all the APs used in the CCX tests (see Figure A-80). Figure A-80. Adding Seed Devices 10. Select Next. 11. Verify that your settings are correct and select Finish (see Figure A-81). Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 A-61 Configuring WLSE Figure A-81. Verifying Settings Viewing Discovery Logs This subsection describes how to view discovery logs in the WLSE interface. 1. Log on to WLSE using your web browser. 2. Select Devices > Discover > DISCOVER > Logs. 3. To view details about the Run Now CDP Discovery—on-demand discovery job, select the job and select Discovery Run Detail. The Discovery Run Detail window shows the start and end times of the job run, whether it succeeded, and other details. 4. To refresh the display, select Refresh. Managing and Unmanaging devices This subsection describes how to use the WLSE to manage and unmanage devices. 1. Log on to WLSE using your web browser. 2. Select Devices > Discover > Managed Devices > Manage/Unmanage. The following folders are displayed: 3. 4. A-62 ❏ Newly discovered devices (New folder). ❏ Managed devices (Managed folder) ❏ Unmanaged devices (Unmanaged folder). To manage a Newly Discovered Device: ❏ Select the New folder. ❏ Select the devices you want to change. ❏ Select Manage. Devices will be moved into the Managed folders. To unmanage devices, select Unmanage. Devices will be moved into the Unmanaged folder. Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Configuring WLSE Deleting RM Measurements This subsection describes how to delete radio monitoring measurements on the WLSE. Refer to the User Guide for the CiscoWorks Wireless LAN Solution Engine for more details. 1. Log on to WLSE using your web browser. 2. Select Sites > Manage Data (see Figure A-82). Figure A-82. Deleting Radio Monitoring Measurements 3. Choose both Radio and Walkabout Measurements to delete all measurements (see Figure A-83). Figure A-83. Deleting Measurements 4. Select Devices. All managed devices are listed in the Device selector in the middle pane (see Figure A-84). Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 A-63 Configuring WLSE Figure A-84. Viewing Managed Devices 5. Select all devices. 6. Select Filter By PHY (see Figure A-85). Figure A-85. Selecting Filtering A-64 7. Select all 802.11 radio types. 8. Select Finish in the left pane. The data for the selected devices and radio types is deleted immediately (see Figure A-86). Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Configuring WLSE Figure A-86. Selecting Radio Types Radio Monitoring Test 4.7.5.2, WLSE Testing: Multiple RM Requests — Radio Monitoring, requires Radio Monitoring (RM) to be run on the WLSE, detailed next. Refer to the User Guide for the CiscoWorks Wireless LAN Solution Engine for help with Radio Monitoring. 1. Log on to WLSE using your web browser. 2. Select Radio Manager > Radio Monitoring. The Radio Monitoring Options window appears (see Figure A-86). Figure A-87. Selecting Radio Monitoring 3. Select Enable to monitor your WLAN environment (see Figure A-88). Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 A-65 Configuring WLSE Figure A-88. Enabling the WLAN Environment 4. Select Clients for both Serving Channel Monitoring and Non-Serving Channel Monitoring. 5. Enable Add Newly Managed AP to Selected AP List. 6. Select AP. All managed devices are listed in the Device selector in the middle pane (see Figure A-89). Figure A-89. Listing Managed Devices A-66 7. Select the devices you want to monitor. 8. Select Filter By PHY to select the type of 802.11 radio that you want to monitor (see Figure A-90). Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Configuring WLSE Figure A-90. Selecting Radio Types 9. Select Finish. The Finish dialog box appears (see Figure A-91). Figure A-91. Finishing 10. Select Save to save your radio monitoring options. Radio Monitor will now begin monitoring the devices you selected. Radio Monitoring takes measurements every 90 seconds (see Figure A-92). Figure A-92. Saving Options Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 A-67 Configuring WLSE Displaying Faults to Verify Rogue AP Detection To verify Rogue AP detection at the end of Test 4.7.5.2, WLSE Testing: Multiple RM Requests — Radio Monitoring, you can view Faults by following the next series of steps. 1. Log on to WLSE using your web browser. 2. Select Faults > Display Faults. The Fault window appears (see Figure A-93). Figure A-93. Displaying Faults 3. Use the Filter: bar to display the faults you want to view: 4. Enter the number of seconds (30 seconds or higher) to indicate how often you want the screen to refresh. The default is 300 seconds (5 minutes). Client Walkabout Test 4.7.5.3, WLSE Testing: Multiple RM Requests — Client Walkabout, requires a Client Walkabout job to be run on the WLSE. Refer to the User Guide for the CiscoWorks Wireless LAN Solution Engine for help with running a Client Walkabout job. Creating a New Client Walkabout The following procedure describes how to create a new client walkabout on the WLSE. A-68 1. Log on to WLSE using your web browser. 2. Select Sites > Client Walkabout (see Figure A-94). Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Configuring WLSE Figure A-94. Creating a New Client Walkabout 3. Select New. 4. From the menu in the left pane, select Name and enter a name for the Walkabout job (see Figure A-95). Figure A-95. Naming the Client Walkabout 5. From the menu in the left pane, go to the next step, Select the APs (see Figure A-96). Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 A-69 Configuring WLSE Figure A-96. Selecting APs 6. Select the APs you want to include in the session. 7. From the menu in the left pane, go to the next step, Select Radio Types. 8. Select Filter By PHY (see Figure A-97). Figure A-97. Selecting Radio Types 9. Select the type of 802.11 radio that will perform the client walkabout. By default, both options (11a and 11b/11g) are selected. 10. From the menu in the left pane, go to the next step, Enter Client MAC Addresses (see Figure A-98). A-70 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Configuring WLSE Figure A-98. Entering Client MAC Addresses 11. Select Enter Client MAC. 12. Enter the 802.11 MAC address of the DUT. You can obtain the DUT MAC Address from the start of the CCX Test Log. 13. From the menu in the left pane, select the next task, Enter Walkabout Options (see Figure A-99). Figure A-99. Entering Walkabout Options 14. Select Options. 15. Select the AP power setting (maximum). 16. Select Finish in the left pane (see Figure A-100). Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 A-71 Configuring WLSE Figure A-100. Finishing Walkabout Settings 17. Select Save to add the walkabout to the list of client walkabouts (see Figure A-101). Figure A-101. Saving Client Walkabout to the Walkabout Client List Running a Client Walkabout This subsection describes how to run the walkabout on the WLSE. A-72 1. Log on to WLSE using your web browser. 2. Select Sites > Client Walkabout. A list of the current Client Walkabout sessions appears. 3. Select the name of the client walkabout session that you want to run from the list. 4. Select Start. 5. When you are prompted by the CCX Test Script, stop the walkabout. Select the walkabout session name from the list and select Stop. Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Configuring WLSE Radio Parameter Generation Test 4.7.5.3, WLSE Testing: Multiple RM Requests — Client Walkabout, requires you to verify Radio Parameter Generation, detailed next. Refer to the User Guide for the CiscoWorks Wireless LAN Solution Engine for more details. 1. Log on to WLSE using your web browser. 2. Select Sites > Assisted Configuration. The RM assisted configuration information appears (see Figure A-102). Figure A-102. Radio Parameter Generation 3. Enter a task name in the blank field and select New. The screen refreshes with the Job Name dialog box in the right pane, and the Task Creation job in the left pane. 4. From the menu in the left pane, select Name and enter a valid name (see Figure A-103). Figure A-103. Naming the Job 5. From the menu in the left pane, go to the next step, Selecting Devices. 6. Select Select Devices. All managed devices are listed in the Device selector in the middle pane (see Figure A-104). Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 A-73 Configuring WLSE Figure A-104. Selecting Devices 7. Select the devices you want to include in the job. 8. From the menu in the left pane, go to the next step, Filtering by PHY. 9. Select Filter By PHY (see Figure A-105). Figure A-105. Filtering by PHY 10. Select the type of 802.11 radio that you want to include in the assisted configuration task. 11. From the menu in the left pane, go to the next step, Assigning Constraints and Goals (see Figure A-106). A-74 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Configuring WLSE Figure A-106. Assigning Constraints and Goals 12. Enter a number for the minimum transmit power and a number for the maximum transmit power. You might choose to enter a lower power setting when, for example, the default power level might affect a neighboring network. You must enter a numeric value greater than zero and less than 100. 13. Enter a numerical value for the expected maximum number of clients per AP and a numerical value for the expected average number of clients per AP. You must enter a numeric value greater than zero and less than 500 (see Figure A-107). Figure A-107. Specifying the Maximum/Average Number of Clients per AP and Enabling Black Hole Mitigation 14. Select whether to enable black hole mitigation. If you select this option, Radio Manager recommends a beacon interval, which is slightly altered from what the AP is configured to, for the APs. If you do not select the Black Hole Mitigation option, Radio Manager displays the beacon interval to which the AP is currently configured. Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 A-75 Configuring WLSE After you assign the constraints and goals, the next step is for Radio Manager to calculate the parameters. In this step, you will see a progress bar that indicates the progress Radio Manager is making in its calculations. After Radio Manager calculates the parameters for the assisted configuration job, it displays the calculation results (see Figure A-108 and Figure A-109). Figure A-108. Calculating Parameters Figure A-109. Radio Parameter Generation Complete Window A-76 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Configuring Chariot Configuring Chariot The functionality for WMM, WPA/WMM, and WPA2/WMM tests require the use of Ixia’s IxChariot software. Install the Chariot Console (server) software on the Azimuth DIRECTOR PC or another remote PC in its default install location. If you install the Chariot Console (server) software on a remote PC, make sure that you connect that PC to Test-Net and enter the remote PC’s IP address in the CCX GUI’s Chariot Console IP field (see Table D-D-2). Then install the Chariot Endpoint software on the Azimuth DIRECTOR PC and STM. For further details, refer to Section 14.4, WMM Information, in the CCX Test Plan (Cisco part number EDCS-230632). Note: The test script copies Chariot script files to the Chariot Console when a Chariot test is run. Ensure that File Sharing is enabled on the Chariot Console and disable firewall software that may interfere with File Sharing on the Chariot Console. The DIRECTOR uses the C$ administrative share to copy files to the Chariot Console. Ensure that the C$ share exists on the Chariot Console. You may need to enter a valid user name and password to connect to the Chariot Console from the DIRECTOR. Setting Up the CCX Noise Tests Azimuth Systems recommends running the CCX noise tests with white Gaussian noise. This section describes noise generation equipment and its configuration. The Azimuth CCX Benchmark Test supports automation of the following equipment (Figure A-110): ■ ■ ■ ■ HP 8672A Synthesized Signal Generator (or equivalent). Equivalent signal generators must meet the following criteria: ❏ 2-6 GHz frequency range ❏ +10 dBm power level ❏ 45 dB II, III, IV Harmonic Suppression ❏ Serial, GPB or Ethernet interface ❏ Synthesized tone signal type Agilent 33120A Waveform Generator Power meter to verify signal generator output level M/A COM M8HC-7 RF Double Balanced Mixer Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 A-77 Setting Up the CCX Noise Tests Figure A-110. Agilent 33120A Waveform Generator (L) and HP 8672A Synthesized Signal Generator To physically connect the aforementioned waveform generator and signal generator, you need to use the following equipment (each of the following numbered items are called out in Figure A-111): 1. Cable (BNC to BNC) 2. Adapter (BNC to SMAm) 3. Mixer 4. Cable (SMAm to N-typem) 5. Adapter (SMAm to SMAm) 6. Adapter (SMAf to N-Typem) Figure A-111. Connecting the Waveform Generator (L) to the Synthesized Signal Generator A-78 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Installing VNC There are three main connections between the generators and the test network: ■ ■ ■ The signal generator and waveform generator connect together as shown in Figure A-111. The generators connect to a GPIB (or serial) interface and USB interface before connecting to the Azimuth DIRECTOR. The signal generator connects to one of the RFMs on the Azimuth chassis (see Figure 1-1). The following steps describe how to configure the noise generator: 1. 2. 3. Configure the waveform generator to a GPIB (or serial) interface with the following settings: ❏ Noise Mode ❏ +7 dBm Configure the signal generator to a GPIB (or serial) interface with the following settings: ❏ +7 dBm (verify with a power meter) ❏ 802.11 channel to test (frequency) The noise generation equipment is now ready for you to run the Azimuth CCX Benchmark Tests. Installing VNC The following procedure describes how to install Real VNC’s Virtual Network Computing (VNC) on all STMs used in the CCX Pre-Certification Benchmark Test Suite. Note: Use VNC version 3.3.7 or higher. 1. Select [ Yes ] to install the VNC Server. The VNC Setup Wizard dialog box opens (see Figure A-112). Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 A-79 Installing VNC Figure A-112. VNC Setup Wizard Dialog Box 2. Select [ Next ]. The VNC License Agreement dialog box opens (see Figure A-113). Figure A-113. VNC License Agreement Dialog Box 3. A-80 Select [ Yes ]. The installation folder destination dialog box opens (Figure A-114). Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Installing VNC Figure A-114. VNC Installation Folder Dialog Box 4. Select [ Next ] to accept the default folder in which to install VNC Server (recommended). The VNC Start Menu Folder dialog box opens (Figure A-115). Figure A-115. VNC Start Menu Folder Dialog Box 5. Select [ Next ] to accept the default start menu folder in which to install VNC Server shortcuts (recommended). The VNC additional tasks dialog box opens (Figure A-116). Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 A-81 Installing VNC Figure A-116. VNC Additional Tasks Dialog Box 6. Select the following two options: Register VNC Server as a system service and Start the VNC Server system service. Then select [ Next ] to accept the settings. The Ready to Install dialog box opens (Figure A-117). Figure A-117. VNC Ready to Install Dialog Box 7. A-82 Select [ Install ]. The VNC Server is installed. At the conclusion of the installation, a status message dialog box appears to indicate that the service was successfully registered and will run automatically the next time the system is rebooted (see Figure A-118). You can also access the service from the control panel. Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Installing VNC Figure A-118. VNC Status Message 8. Select [ OK ] to close the status message dialog box. An error message dialog box opens (see Figure A-119). The error message indicates that there is no default password set and that the VNC Default Properties dialog box will appear. Figure A-119. VNC Error Message Dialog Box 9. Select [ OK ]. The VNC Default Properties dialog box opens (see Figure A-120). Figure A-120. VNC Default Properties Dialog Box 10. Create a password to use for VNC by entering admin (in lower case letters) in the password field. Then select [ OK ]. The VNC Setup dialog box opens (see Figure A-121). Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 A-83 Installing VNC Figure A-121. VNC Setup Dialog Box 11. Select [ Next ]. A dialog box opens to indicate that the VNC Server has been successfully installed (see Figure A-122). Figure A-122. VNC Installation Process Complete Dialog Box 12. Select [ Finish ] to exit the installation program. A dialog box opens to indicate the Azimuth DIRECTOR installation is completed (Figure A-123). A-84 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Configuring the DHCP Server Figure A-123. Installation Process Complete Dialog Box 13. Select [ Finish ]. A message appears to indicate that you must restart the Azimuth DIRECTOR system. Restarting the system is necessary to accept the changes made during the installation. Configuring the DHCP Server The following procedure describes how to configure the DHCP scope option on the DHCP server in the CCX Pre-Certification Benchmark Test Suite. By default, the script configures the DHCP scope option, but if a problem occurs with scopes during CCX setup (i.e. CCX setup needs three simple scopes for 192.168.1.0, 192.168.3.0, 192.168.4.0 with 'Router' option and without using any superscope), you can use these steps to move to the standard configuration, and then return to the CCX configuration to run the CCX tests again. 1. On the DIRECTOR's Test Manager double-click DHCP Server Configuration Tool.The DHCP Server Configuration window displays. Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 A-85 Configuring the DHCP Server Figure A-124. DHCP Server Configuration Tool 2. Click [ Standard ], which creates a superscope with 3 Test-Net sub-nets 192.168.1.0, 192.168.3.0, 192.168.4.0. Figure A-125. DHCP Server Configuration GUI Note: When you need to make the system ready for CCX testing, return to this window and click [ CCX ]. A-86 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Appendix B Automated Station Configuration Certain Azimuth Systems CCX Benchmark tests for the station under test cannot be automated because the functionality is not supported by supplicant software that is used to automate the tests. There are two ways to test the functionality that the selected supplicant does not support: ■ You can manually configure the station under test by entering the required information when prompted by the Azimuth CCX Benchmark Test. ■ You can automate the tests by writing a Tcl library that implements the necessary unsupported station library functions. For example, to automate test 4.3.1, AP Control Of Client Power, you must write a station library that contains the sta_set_encryption, sta_set_transmit_power and sta_get_transmit_power station library functions. The station library functions associated with each test that cannot be automated are specified in Table B-1. Table B-1. CCX Benchmark Test - Station Library Functions Test Case Test Section Station Library Functions 3.2.2.1 EAP TLS Functionality sta_set_eaptls 3.2.3.1 LEAP Functionality sta_set_leap 3.2.5.1 EAP TLS Functionality sta_set_eaptls 3.2.6.1 LEAP Functionality sta_set_leap 4.3.1 AP Control Of Client Power sta_set_encryption sta_set_transmit_power sta_get_transmit_power 4.3.2 AP Control Of Client Power sta_set_encryption sta_set_transmit_power sta_get_transmit_power 4.3.3 AP Control Of Client Power sta_set_encryption sta_set_transmit_power 4.3.4 AP Control Of Client Power sta_set_encryption sta_set_transmit_power sta_get_transmit_power Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 B-1 Table B-1. CCX Benchmark Test - Station Library Functions (Continued) B-2 Test Case Test Section Station Library Functions 4.3.5 AP Control Of Client Power sta_set_encryption sta_set_transmit_power sta_get_transmit_power 4.3.6 AP Control Of Client Power sta_set_encryption sta_set_transmit_power sta_get_transmit_power 4.3.7 AP Control Of Client Power sta_set_encryption sta_set_transmit_power sta_get_transmit_power 4.3.8 AP Control Of Client Power sta_set_encryption sta_set_transmit_power sta_get_transmit_power 4.3.9 AP Control Of Client Power sta_set_encryption sta_set_transmit_power sta_get_transmit_power 4.3.10 AP Control Of Client Power sta_set_encryption sta_set_transmit_power sta_get_transmit_power 4.4.1 AP-Assisted Roaming sta_set_encryption sta_get_transmit_power 4.4.2 AP-Assisted Roaming sta_set_leap 4.4.3 AP-Assisted Roam sta_set_encryption 4.4.4 AP-Assisted Roaming sta_set_encryption sta_get_transmit_power 4.5.1 CCKM Authentication sta_set_leap 4.6.1 PEAP Supplicant sta_set_peap 4.6.2 PEAP Supplicant sta_set_peap 4.6.3 PEAP Supplicant sta_set_peap 4.6.4 PEAP Supplicant sta_set_peap 4.7.1.1 Beacon Report sta_set_encryption 4.7.1.2 Beacon Report sta_set_encryption 4.7.1.3 Beacon Report sta_set_encryption sta_set_radio_measurements 4.7.1.4 Beacon Report sta_set_encryption sta_set_radio_measurements 4.7.2.1 Frame Report sta_set_encryption Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Table B-1. CCX Benchmark Test - Station Library Functions (Continued) Test Case Test Section Station Library Functions 4.7.2.2 Frame Report sta_set_encryption 4.7.3.1 Channel Load Report sta_set_encryption 4.7.4.1 Noise Histogram Report sta_set_encryption 4.7.5.1 Multiple Measurements sta_set_encryption 4.7.5.2 Multiple Measurements 1 sta_set_encryption 4.7.5.3 Multiple Measurements sta_set_encryption 4.8.1 CCX Version Number sta_set_encryption 4.8.2 CCX Version Number sta_set_encryption 5.1.3 EAP FAST Functionality sta_set_eapfast 5.1.6 EAP FAST Functionality sta_set_eapfast 5.1.7 EAP FAST Functionality sta_set_eapfast 5.1.8 EAP FAST Functionality sta_set_eapfast 5.1.10 EAP FAST Functionality sta_set_eapfast 5.1.11 EAP FAST Functionality sta_set_eapfast prompt_verify 5.1.12 EAP FAST Functionality sta_set_eapfast prompt_verify 5.1.13 EAP FAST Functionality sta_set_eapfast prompt_verify 5.1.14 EAP FAST Functionality sta_set_eapfast 5.1.16 EAP FAST Functionality sta_set_eapfast 5.1.17 EAP FAST Functionality sta_set_eapfast 5.1.23 EAP FAST Functionality sta_set_eapfast 5.1.24 EAP FAST Functionality sta_set_eapfast prompt_verify 5.1.25 EAP FAST Functionality sta_set_eapfast prompt_verify 5.1.26 EAP FAST Functionality sta_set_eapfast prompt_verify 5.2.4 CCKM EAP FAST Functionality sta_set_eapfast 5.2.5 CCKM EAP FAST Functionality sta_set_eapfast 5.2.6 CCKM EAP FAST Functionality sta_set_eapfast 5.2.10 CCKM EAP FAST Functionality sta_set_eapfast Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 B-3 Table B-1. CCX Benchmark Test - Station Library Functions (Continued) B-4 Test Case Test Section Station Library Functions 5.2.11 CCKM EAP FAST Functionality sta_set_eapfast 5.3.1 WMM Functionality sta_set_encryption 5.3.2 WMM Functionality sta_set_leap 5.3.6 WMM Functionality sta_set_eapfast 5.3.7 WMM Functionality sta_set_eapfast 5.3.8 WMM Functionality sta_set_peap 5.3.9 WMM Functionality sta_set_encryption 5.3.12 WMM Functionality sta_set_leap 5.3.15 WMM Functionality sta_set_eapfast 5.3.16 WMM Functionality sta_set_peap 5.7.1 WPA2 Functionality sta_set_leap 5.7.2 WPA2 Functionality sta_set_eapfast 5.7.3 WPA2 Functionality sta_set_peap 5.7.4 WPA2 Functionality sta_set_leap 5.7.5 WPA2 Functionality sta_set_eapfast 5.7.6 WPA2 Functionality sta_set_peap 5.8.1 WPA2 WMM Functionality sta_set_leap 5.8.2 WPA2 WMM Functionality sta_set_eapfast 5.8.3 WPA2 WMM Functionality sta_set_peap 5.8.4 WPA2 WMM Functionality sta_set_leap 5.8.5 WPA2 WMM Functionality sta_set_eapfast 5.8.6 WPA2 WMM Functionality sta_set_peap 6.1.1 CCKM With EAP Authentication sta_set_eaptls 6.1.2 CCKM With EAP Authentication sta_set_ eaptls 6.1.3 CCKM With EAP Authentication sta_set_peap 6.1.4 CCKM With EAP Authentication sta_set_peap 6.1.5 CCKM With EAP Authentication sta_set_peap 6.1.6 CCKM With EAP Authentication sta_set_peap 6.1.7 CCKM With EAP Authentication sta_set_eapfast 6.1.8 CCKM With EAP Authentication sta_set_ eapfast 6.2.1.1 Layer 2 Roaming Enhancements sta_set_encryption 6.2.1.2 Layer 2 Roaming Enhancements sta_set_encryption Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Table B-1. CCX Benchmark Test - Station Library Functions (Continued) Test Case Test Section Station Library Functions 6.2.2.1 Layer 2 Roaming Enhancements sta_set_encryption 6.2.2.2 Layer 2 Roaming Enhancements sta_set_encryption 6.2.2.3 Layer 2 Roaming Enhancements sta_set_encryption 6.2.2.4 Layer 2 Roaming Enhancements sta_set_encryption 6.2.3.1 Layer 2 Roaming Enhancements sta_set_encryption 6.2.4.1 Layer 2 Roaming Enhancements sta_set_encryption 6.2.4.2 Layer 2 Roaming Enhancements sta_set_encryption 6.2.4.3 Layer 2 Roaming Enhancements sta_set_encryption sta_voice_set_codec sta_voice_make_call sta_voice_drop_call 6.2.4.4 Layer 2 Roaming Enhancements sta_set_encryption 6.2.4.6 Layer 2 Roaming Enhancements sta_set_encryption 6.2.4.7 Layer 2 Roaming Enhancements sta_set_encryption 6.3.1 Network Admission Control sta_set_eapfast 6.3.2 Network Admission Control sta_set_eapfast 6.3.3 Network Admission Control sta_set_eapfast 6.3.4 Network Admission Control sta_set_eapfast 6.3.5 Network Admission Control sta_set_eapfast 6.4.2 SSIDL sta_set_encryption 6.4.3 SSIDL sta_set_eapfast 6.5.1 Call Admission Control sta_set_encryption sta_voice_set_codec sta_voice_make_call sta_voice_drop_call 6.5.2 Call Admission Control sta_set_encryption sta_voice_set_codec sta_voice_make_call sta_voice_drop_call 6.5.3 Call Admission Control sta_set_encryption sta_voice_set_codec sta_voice_make_call sta_voice_drop_call Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 B-5 Table B-1. CCX Benchmark Test - Station Library Functions (Continued) B-6 Test Case Test Section Station Library Functions 6.5.4 Call Admission Control sta_set_encryption sta_voice_set_codec sta_voice_make_call sta_voice_drop_call 6.6.1 Unscheduled Automatic Power Save Delivery sta_set_encryption sta_set_uapsd 6.6.2 Unscheduled Automatic Power Save Delivery sta_set_encryption sta_set_uapsd 6.7.1 Traffic Stream Metrics sta_set_eapfast sta_voice_set_codec sta_voice_make_call sta_voice_drop_call 6.9.1 EAP FAST Enhancements sta_set_eapfast 6.10.1 MBSSID sta_set_encryption 6.10.2 MBSSID sta_set_encryption 6.10.3 MBSSID sta_set_encryption 6.10.4 MBSSID sta_set_encryption 6.10.5 MBSSID sta_set_encryption 6.10.6 MBSSID sta_set_encryption 6.11.1 Location Based Services sta_set_encryption 6.11.2 Location Based Services sta_set_encryption 6.12.1 Keep Alive sta_set_encryption 6.12.2 Keep Alive sta_set_encryption 6.13.1 Link Test sta_set_encryption 6.13.2 Link Test sta_set_encryption Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Appendix C Configuration of Catalyst 3750G Switch and Cisco 3620 Router for VLAN Tests This note describes the configuration of the Cisco Catalyst 3750G switch and the Cisco 3620 Router in the test bed for the Azimuth CCX Pre-Certification Benchmark Test. This configuration supports tests that involve multiple VLANs. Note: The Azimuth CCX Test Suite no longer supports the use of the Azimuth DIRECTOR as the router between the VLANs. Ensure that the "Routing and Remote Access" service is configured using the Windows Services Control Panel on the DIRECTOR so that its Startup Type is Disabled and its Status is not Started (i.e., its Status is Stopped). Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 C-1 Note: Unified Tests that involve measurement of roam time (4.5.2, 4.5.3, 6.1.9, 6.1.11, 6.1.13, 6.1.15) required Port Monitoring to be configured in the Catalyst switch. These tests have been removed in CCX Test Plan 4.56; hence the Catalyst switch no longer needs to be configured for Port Monitoring. The Test-Net includes the following key components: ■ The Cisco Catalyst 3750G Ethernet switch ■ The Cisco 3620 (or similar) router, with IOS version 12.2 or higher ■ The Azimuth DIRECTOR as the DHCP Server for all VLANs Use the following procedure to configure the VLAN switch. Port numbers used in that procedure are for illustration purposes only; these port numbers should be changed as necessary. C-2 1. Configure Ports 1, 2, 3, 4 and 17 on the Catalyst 3750G switch as trunk ports (part of all VLANs VLAN1, VLAN2 and VLAN3). Enable 802.1Q encapsulation on these trunk ports. 2. Configure all remaining ports on the Catalyst 3750G switch to be part of the native VLAN (VLAN1). Disable 802.1Q tagging for VLAN1 on these ports. 3. Connect IOS AP1, IOS AP2 and IOS AP3 to Ports 1, 2 and 3, respectively on the Catalyst 3750G switch. 4. Connect the Cisco 3620 router to Port 4 on the Catalyst 3750G switch. 5. Connect the Cisco 4400 Controller to Port 17 on the Catalyst 3750G switch. 6. Connect the other devices, such as the Azimuth DIRECTOR, the WLSE, the Chariot Server, the ACS Server, and the three LWAPs to the other ports of the Catalyst 3750G switch. Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Red port is a trunk port and part of all VLANs Cisco Catalyst 3750G Switch 1 2 3 4 5 6 7 8 9 10 1112 1314151617 Cisco 4400 Victory LWAP 1 Victory IOS AP 1 Victory IOS AP 2 Victory Victory LWAP 3 LWAP 2 ACS AAA Server Certificate Server Chariot Server Soft Token Server WLSE Server Client 1 VLAN 1 Client 2 VLAN 2 Cisco 3620 Router Victory IOS AP 3 Azimuth DIRECTOR Figure C-1. Cisco Catalyst 3750G Switch Configuration The Cisco Catalyst switch can be configured automatically by selecting the "Configure Catalyst Switch" option in the Test-Bed Setup tab in the Azimuth CCX Benchmark Test GUI while running any test. Typically, this automatic switch configuration should be done only once, and the "Configure Catalyst Switch" option should be de-selected for all subsequent test runs. Note: If you use the "Configure Catalyst Switch" option to configure the Catalyst switch automatically, the switch configuration is reset and changed. Be sure to save your old switch configuration in the event that you need to use that configuration later. The test script uses the "AP Username," "AP Password", and "AP Enable Password" specified in the Options Setup tab in the Test GUI to log on to the Cisco Catalyst switch. To configure the Cisco Catalyst 3750G switch manually as described above, reset it to its factory default settings and then use the following configuration commands: interface GigabitEthernet1/0/1 switchport trunk encapsulation dot1q switchport mode trunk exit interface GigabitEthernet1/0/2 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 C-3 switchport trunk encapsulation dot1q switchport mode trunk exit interface GigabitEthernet1/0/3 switchport trunk encapsulation dot1q switchport mode trunk exit interface GigabitEthernet1/0/4 switchport trunk encapsulation dot1q switchport mode trunk exit interface GigabitEthernet1/0/17 switchport trunk encapsulation dot1q switchport mode trunk exit To configure the Cisco 3620 Router, reset it to its factory default settings and then use the following configuration commands. The router interface number (fastEthernet0/0) and the IP address (192.168.1.140) used below are for the purpose of illustration only; use the router interface number and the IP address that is appropriate for your test-bed. Router(config)#ip mulicast-routing Router(config)#interface fastEthernet0/0 Router(config-if)#no shutdown Router(config-if)#no ip address Router(config-if)#no ip proxy-arp Router(config-if)#exit Router(config)#interface fastEthernet0/0.1 Router(config-subif)#encapsulation dot1q 1 native Router(config-subif)#ip address 192.168.1.140 255.255.255.0 Router(config-subif)#ip pim dense-mode Router(config-subif)#no ip proxy-arp Router(config-subif)#exit Router(config)#interface fastEthernet0/0.2 Router(config-subif)#encapsulation dot1q 2 Router(config-subif)#ip address 192.168.4.140 255.255.255.0 Router(config-subif)#ip helper-address 192.168.1.1 Router(config-subif)#ip pim dense-mode Router(config-subif)#no ip proxy-arp Router(config-subif)#exit Router(config)#interface fastEthernet0/0.3 Router(config-subif)#encapsulation dot1q 3 Router(config-subif)#ip address 192.168.3.140 255.255.255.0 Router(config-subif)#ip helper-address 192.168.1.1 Router(config-subif)#ip pim dense-mode Router(config-subif)#no ip proxy-arp Router(config-subif)#exit C-4 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Router(config)#router rip Router(config-router)#version 2 Router(config-router)#passive-interface fastEthernet0/0 Router(config-router)#network 192.168.1.0 Router(config-router)#network 192.168.3.0 Router(config-router)#network 192.168.4.0 Router(config-router)#exit Router(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.0 Router(config)#ip route 192.168.3.1 255.255.255.255 192.168.1.1 Router(config)#ip route 192.168.4.1 255.255.255.255 192.168.1.1 Note the following properties of the router configuration: 1. The configuration includes three virtual interfaces, fastEthernet1/0.1, fastEthernet1/0.2 and fastEthernet1/0.3. 2. The first virtual interface, fastEthernet1/0.1, is configured with a VLAN tag of 1 and is designated as the native VLAN interface. It is assigned a static IP address in the 192.168.1.0/255.255.255.0 sub-net, which is the primary sub-net of the DIRECTOR's Test-Net interface and for which a DHCP Scope is configured in the DIRECTOR's DHCP Server configuration. You may use any address in the 192.168.1.0 subnet; not necessarily the 192.168.1.140 address shown in the configuration example. The DHCP Server will assign an IP address in the 192.168.1.0/ 255.255.255.0 sub-net to clients that are part of the native VLAN. The Router's Native VLAN IP must be configured in the Test-Bed Setup Tab as shown in Figure 2. 3. The second virtual interface, fastEthernet1/0.2, is configured with a VLAN tag of 2. It is assigned a static IP address in the 192.168.4.0/255.255.255.0 sub-net, which is a secondary sub-net of the DIRECTOR's Test-Net interface and for which a DHCP Scope is configured in the DIRECTOR's DHCP Server configuration. Note that this virtual interface is not configured with a 192.168.2.0/ 255.255.255.0 address to avoid conflict with the DIRECTOR's Bus-Net. The DIRECTOR's primary Test-Net address (192.168.1.1) is configured as the helper-address on this virtual interface so that the same DHCP Server (192.168.1.1) can be used for clients on VLAN 2. The DHCP Server will assign an IP address in the 192.168.4.0/255.255.255.0 sub-net to clients that are part of VLAN 2. 4. The third virtual interface, fastEthernet1/0.3, is configured with a VLAN tag of 3. It is assigned a static IP address in the 192.168.3.0/255.255.255.0 sub-net, which is a secondary sub-net of the DIRECTOR's Test-Net interface and for which a DHCP Scope is configured in the DIRECTOR's DHCP Server configuration. The DIRECTOR's primary Test-Net address (192.168.1.1) is configured as the helper-address on this virtual interface so that the same DHCP Server (192.168.1.1) can be used for clients on VLAN 3. The DHCP Server will assign an IP address in the 192.168.3.0/255.255.255.0 sub-net to clients that are part of VLAN 3. 5. Routing is enabled amongst the 192.168.1.0, 192.168.3.0 and 192.168.4.0 networks via RIP. This allows clients on the different VLANs to communicate with each other. Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 C-5 C-6 6. In the VLAN tests (EAP-FAST Functionality tests 5.1.10 and 5.1.23, NAC Tests 6.3.x and SSIDL test 6.4.3), the tester needs to verify data connectivity between a wireless client in VLAN 2 or 3 and a wired host. The CCX Test-Bed does not include a wired host in VLAN 2 or 3. It does, however, include the DIRECTOR on the native VLAN with secondary IP addresses of 192.168.3.1 and 192.168.4.1. To allow a wireless client in VLAN 3 (with a 192.168.3.x IP address) to ping, send and receive files by FTP, and receive multicast traffic from 192.168.3.1, a static host route is added on the router for destination 192.168.3.1 with gateway 192.168.1.1. For similar reasons, a static host route is added on the router for destination 192.168.4.1 with gateway 192.168.1.1. In addition, multicast-routing is globally enabled, and PIM is enabled on each virtual interface. This configuration allows the tester to verify data connectivity between a wireless client in VLAN 2 or 3 and a wired host without requiring the wired host to be part of VLAN 2 or 3. 7. "ip proxy-arp" is disabled on all of the interfaces on the Router, including the virtual interfaces, so that the DIRECTOR can ping hosts in the native VLAN with a 192.168.3.x or 192.168.4.x address. Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Appendix D Azimuth CCX Pre-Certification Benchmark Test Parameters Tabs and fields within each tab of the CCX Pre-Certification Benchmark Test are shown and described in this appendix. Info Tab Figure D-1. Info Tab Table D-1. Info Tab Parameters Default Definition Value Parameter Value Test Engineer Alphanumeric N/A text Specifies the identity of the test engineer who is setting up and running the test. Location Alphanumeric N/A text Specifies the location of the test system. Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 D-1 Table D-1. Info Tab Parameters (Continued) Parameter Value Output Directory Selected directory Default Definition Value N/A Displays the directory to which the test results will be saved for each test, including: • output.log — contains all data that appears in the log tab. • system.log — contains messages from the System Log tab. Test Comments Alphanumeric N/A text Specifies any comments with respect to the test or test setup. Test-Bed Setup Tab Figure D-2. Test-Bed Setup Tab - AP2 selected for Noise Generator Configuration D-2 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Figure D-3. Test-Bed Setup Tab - Automatic Configuration selected for Noise Generator Configuration Table D-2. Test Bed Setup Tab Parameters Parameter Value Default Value Band 802.11a Enabled Specifies that tests will be run with AP and client devices configured to operate on the 802.11a radio band. The basic rates on the APs are set to 6, 12 and 24 Mbps and the supported data rates are set to 9, 18, 36, 48 and 54 Mbps. 802.11b Enabled Specifies that tests will be run with AP and client devices configured to operate on the 802.11b radio band. The basic rates on the APs are set to 1 and 2 Mbps and the supported data rates are set to 5.5 and 11 Mbps. 802.11g Enabled Specifies that tests will be run with AP and client devices configured to operate on the 802.11g radio band. The basic rates on the APs are set to 6, 12 and 24 Mbps and the supported data rates are set to 9, 18, 36, 48 and 54 Mbps. Definition Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 D-3 Table D-2. Test Bed Setup Tab Parameters (Continued) Parameter Value Antenna (settings can be configured separately for each radio band type (i.e., “A” or “B/G”) Left Autonomous Default Value Definition Don’t change Specifies the antenna setting on the Access Points. You may connect the left or right or both antennas (using an RF combiner) to the RF port inside the RadioProof Enclosure (RPE) that contains the AP. By default, the test script does not change the antenna settings in the AP configuration. Select ‘Left’ ‘Right’ or ‘Diversity’ to configure the APs to use the antenna(s) that is (are) connected to the RPE. AP identifier N/A Specifies the three Autonomous (IOS) APs to be used in the CCX tests. These APs must be added to the Azimuth DIRECTOR using the Connected Devices Tool. AP identifier N/A Specifies the three Light-weight (Unified test-bed) APs to be used in the CCX tests. These APs must be added to the Azimuth DIRECTOR using the Connected Devices Tool, where you must enter the IP address of the 4400 Controller Management Interface as the DIRECTOR Control Port address. Captive Client (Client 2) N/A N/A Specifies the test bed client device, which is referred to in the test as Client 2. Use [ Browse ] to navigate to and select the appropriate client. WLA N/A N/A Specifies the Wireless LAN Analyzer (Airopeek) station to be used for capturing wireless traffic. Use [ Browse ] to navigate to and select the appropriate client. The selected WLA station should be connected from the front panel RF port to RFM 1, Port 2C. The other WLA station in the WLA module should be connected from the front panel RF port to RFM 2, Port 1C. Remote Chariot Console Enabled (checked) Disabled Specifies the use of a Chariot console on a remote PC. For more information about configuring a remote Chariot console, see your Azimuth Customer Support representative. Chariot Console IP address IP N/A IP address of the Remote Chariot Console. Configure Catalyst Switch Disabled Specifies that the Cisco Catalyst 3750G switch be configured automatically when a test is run. Typically, the automatic switch configuration should be done only once, and this option should be de-selected for all subsequent test runs. N/A IP address of the Cisco Catalyst 3750G switch. Right Diversity Don’t change AP1, AP2, AP3 Light-weight AP1, AP2, AP3 Disabled (unchecked) Disabled (unchecked) Enabled (checked) Catalyst Switch IP D-4 IP Address Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Table D-2. Test Bed Setup Tab Parameters (Continued) Parameter Value Default Value Router's Native VLAN IP IP Address N/A IP address of the Native VLAN interface of the Cisco Router. WLSE IP IP Address N/A Specifies the IP address of the Cisco Wireless LAN Solution Engine (WLSE). Noise Generator Manual Enabled Configuration Definition Specifies that the noise generator is manually configured. Automatic Disabled Configuration Specifies that the Noise Generator will be configured through a software (Tcl) automation library. If you choose this option, you must specify the Vendor, Model and Version number of a Noise Generator for which you provide a Tcl automation library, or select a standard Noise Generator, such as the Agilent E8247C, for which Azimuth provides a Tcl automation library. You must also specify the control address of the Noise Generator and the login parameters (if any) that are required by the Noise Generator automation library. AP2 Specifies that AP2 will be used for generating noise in the Noise Histogram test. Disabled Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 D-5 RADIUS Setup Tab Figure D-4. RADIUS Setup Tab Table D-3. RADIUS Setup Tab Parameters Default Value Definition 192.168.1.1 Specifies the IP address of the RADIUS server. Parameter Value Radius Server IP IP Address (dotted decimal notation) Radius Server Port Integer (1645 1645 or 1812) Specifies the port number to be used by the RADIUS server. Radius Shared Secret alphanumeric azimuth text Specifies the shared secret to be used by the RADIUS server for authentication purposes. This value must be the same value as the secret for the ACS server. D-6 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Table D-3. RADIUS Setup Tab Parameters (Continued) Parameter Value Default Value Definition Radius User Names alphanumeric Console text Specifies the user names to be used by the RADIUS server for authentication purposes. The default user name is used in all tests except the PEAP Supplicant tests (4.6.1 - 4.6.4). Tests 4.6.1 and 4.6.3 use the Active Directory user name, while Tests 4.6.2 and 4.6.4 use the OTP (One-Time Password) user name. Radius User Passwords alphanumeric azimuth text Specifies the passwords to be used by the RADIUS server for authentication purposes. The default password is used in all tests except the PEAP Supplicant tests (4.6.1 - 4.6.4). Tests 4.6.1 and 4.6.3 use the Active Directory user name, while Tests 4.6.2 and 4.6.4 use the OTP (One-Time Password) user name. Client Certificate alphanumeric Console text Specifies the common (or Issued-To) name of the Client Certificate to be used for EAP-TLS authentication. A certificate issued-to console issued by Azimuth CCX Benchmark Root CA is provided in the Certificates folder in the CCX tests folder (e.g., d:/azimuth/data/tests/CCX/certificates). Trusted Root Alphanumeric alphanumeric Azimuth text CCX Benchmark Root CA Specifies the name of the trusted Root Certifying Authority to be used for EAP-TLS and PEAP-GTC authentication. The root certificate of Azimuth CCX Benchmark Root CA is provided in the Certificates folder in the CCX tests folder (e.g., d:/azimuth/data/ tests/CCX/certificates). ACS User name String Administrator Specifies a user name with Administrator privileges that can be used to log on to the ACS. This is used for automated configuration of the ACS. For more details, refer to “Configuring the ACS for Automated Control” (page A-47). ACS Password String azimuth Specifies the password for the ACS user name entered. Network Access Profile String CCX-Profile Specifies the name of the Network Access Profile configured on the ACS. For more details, refer to the section Figure , “Configuring the ACS for Network Admission Control (NAC),” on page A20. Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 D-7 DUT Setup Tab Figure D-5. DUT Setup Tab D-8 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Table D-4. DUT Setup Tab Parameters Parameter Value Default Definition Value Device Under Test (Client 1) N/A N/A Specifies the wireless DUT that is referred to in the test as Client 1. Use [ Browse ] to navigate to and select the appropriate client. DUT (for parallel OS testing) N/A N/A Specifies the wireless DUT that is used as a secondary DUT. Each test case is repeated using the secondary DUT. For more details see “Repeating Tests With Two Operating Systems in Parallel” (page 7). Use [ Browse ] to navigate to and select the appropriate client. DUT Configuration Selected supplicant Manual Specifies the supplicant (or control manager) that is used to configure the selected device under test. In Manual mode, the user is prompted through popup dialog boxes to manually configure the device under test. Supplicant Version alphanumeric text N/A Specifies the version of the supplicant that is used to configure the selected device under test. This information is printed in the Test Log. In Manual mode — and when using a custom supplicant or control manager — you should enter the supplicant version information. If you select the Funk supplicant, the version number is automatically provided. Enter Tx power settings supported by Device Under Test - 802.11b/g String 1, 5, 10, Specifies the Tx power settings (in mW, separated by 20, 30, spaces) that are supported by the 802.11b/g DUT 50, 100 radio. These values are used to determine if tests that deal with AP Control of Client Power (4.3.1-4.3.10 and 4.4.1) can be run. Enter Tx power settings supported by Device Under Test - 802.11a String 2, 3, 6, 12 Specifies the Tx power settings (in mW, separated by spaces) that are supported by the 802.11a DUT radio. These values are used to determine if tests that deal with AP Control of Client Power (4.3.1-4.3.10 and 4.4.1) can be run. Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 D-9 Table D-4. DUT Setup Tab Parameters (Continued) Default Definition Value Parameter Value WMM Tagging Type 802.1d Disabled Specifies the priority class of the traffic according to the four WMM access categories (voice, video, best effort and background). Voice and video have the highest priorities; best effort and background are the lowest priorities. DSCP Enabled Specifies that the Type of Service (TOS) field will be specified by the user using Diff-Serv Code Point (DSCP). This interpretation inserts the specified decimal value in the six most significant bits and masks the two least significant bits (with a value of zero). Enabled (checked) Enabled Specifies if the DUT supports Mixed Cell Mode. If this option is enabled, CCXv3 tests 3.2.3.1 and 5.3.1 test if the DUT can associate to an AP configured in Mixed Cell Mode. Mixed Cell Mode Disabled (unchecked) Display of AP IP Enabled (checked) Address Disabled (unchecked) Enabled Specifies if the DUT User Interface displays the AP IP Address. If this option is enabled, CCXv3 test 3.2.3.1 prompts the user to verify that the correct AP IP Address is displayed. Beacon Table Enabled Specifies if the DUT maintains a Beacon Table. If this option is enabled, CCXv3 test 4.7.1.1 checks if the DUT responds to the Beacon Report (Table Scan) request. If this option is disabled, test 4.7.1.1 passes even if the DUT does not respond to the Beacon Report (Table Scan) request. Enabled (checked) Disabled (unchecked) Disabling of Radio Measurements D-10 Enabled (checked) Disabled (unchecked) Enabled Specifies if the Radio Measurements can be disabled on the DUT. If this option is enabled, CCXv3 tests 4.7.1.3 and 4.7.1.4 check if the DUT does not respond to radio measurements when configured appropriately. If this option is disabled, tests 4.7.1.3 and 4.7.1.4 are skipped. Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Test Selection Setup Tab Figure D-6. Test Selection Setup Tab for Windows DUT Figure D-7. Test Selection Setup Tab for ASD DUT Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 D-11 The Test Selection tab allows you to choose one or more tests to run. Tests are divided into two categories - Autonomous and Unified, and further sub-divided into groups based on the CCX Test Plan. Adjacent to each displayed test is a checkbox that can be selected to indicate that the selected test(s) should be run.. Note: A different list of tests is displayed if an ASD is selected as the DUT in the DUT Setup tab. Two buttons, [ Select Tests Not Run ] and [ Select Failed/Errored Tests ] are provided to facilitate the task of selecting all tests that fit into each button description. Clicking the [ Select Tests Not Run ] selects all the tests that have not been run or were interrupted before completion, indicated in the Results tab. Tests that have not been run have a Status of "Not Run" in the Results tab or are not displayed in the Results tab. For example, if you have run tests using the 802.11a band only, the Results tab does not display information on tests using the 802.11b band. Tests that were interrupted have a Status of "Running" in the Results tab. Note that this feature selects tests based on the Band you chose in the Test-Bed Setup tab. For example, suppose you select 802.11a and 802.11b in the Test-Bed Setup tab, and you have already run test 3.2.4.1 using 802.11a but not using 802.11b. In this case, clicking the [ Select Tests Not Run ] results in the selection of test 3.2.4.1. If, however, you select only 802.11a and not 802.11b in the Test-Bed Setup tab, clicking [ Select Tests Not Run ] does not result in the selection of test 3.2.4.1. Clicking the [ Select Failed/Errored Tests ] selects all the tests that failed or completed with an error when those tests were run the last time, as indicated in the Results tab. Note that this feature selects tests based on the Band you chose in the Test-Bed Setup tab. For example, if you select 802.11a and 802.11b in the Test-Bed Setup tab, and test 3.2.4.1 passed using 802.11a, but failed using 802.11b, clicking the [ Select Failed/Errored Tests ] results in the selection of test 3.2.4.1. If, however, you select only 802.11a and not 802.11b in the Test-Bed Setup tab, clicking [ Select Failed/Errored Tests ] does not result in the selection of test 3.2.4.1. Note also that a test case may be run several times, and the Results tab records the results of all the test runs (e.g., 1 Passed, 1 Failed). If the test passed in the last run, the Test Status is green; otherwise, it is red. The [ Select Failed/Errored Tests ] button selects tests based on the results of the last test run. Note: These two buttons do not un-select any test that you may have already selected. You can select all tests by selecting the "Autonomous" and "Unified" nodes in the test selection tree. Similarly, you may un-select all tests by un-selecting the "Autonomous" and "Unified" nodes. . D-12 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Options Setup Tab Figure D-8. Options Setup Tab Table D-5. Options Setup Tab Parameters Parameter Value Default Value Definition AP Username alphanumeric text Cisco Specifies the Autonomous (IOS) AP user name to use for the CLI interface. AP Password alphanumeric text Cisco Specifies the Autonomous (IOS) AP password to use for the CLI interface. AP Enable Password alphanumeric text Cisco Specifies the password that enables advanced configuration options on the Autonomous (IOS) AP. Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 D-13 Table D-5. Options Setup Tab Parameters (Continued) Default Value Parameter Value Definition WLC Username alphanumeric text admin Specifies the user name to use to telnet into the Cisco 4400 Wireless LAN Controller. WLC Password alphanumeric text admin Specifies the password to use to telnet into the Cisco 4400 Wireless LAN Controller. SSID for DUT (Client 1) alphanumeric text CCX1 Specifies the SSID of Client 1 (the wireless DUT). SSID for Client 2 alphanumeric text CCX2 Specifies the SSID of Client 2 (the test bed client). Static WEP alphanumeric Key (128-bit) text 1234567890 Specifies the value of the 128-bit WEP security key. 1234567890 123456 SNMP Community public Specifies the SNMP community string. Roaming Rate 1 - 20 dB/s 2 dB/s Specifies the rate at which the path loss between the DUT and its associated AP is increased to cause the DUT to roam away from the AP. If this value is changed from the default (2 dB/s), test results are placed in a section labeled 'Custom' to indicate the deviation from the CCX Test Plan. Disable User Prompts Disabled Disables the display of popup dialog boxes prompting the user to configure the clients and other devices (such as the Noise Generator and the Wireless LAN Solution Engine (WLSE)), or to verify certain events (such as the setting of client Tx Power to some desired value or detection of rogue APs on the WLSE). Disabled Enables a quick-testing mode whereby a TFTP is tested using a small 5KB file instead of a 10MB file, and multicast operation is tested using 10 multicast packets instead of 600. alphanumeric text Enabled (checked) Disabled (unchecked) Quick Testing Enabled (checked) Disabled (unchecked) Note: Quick Testing may not comply with all CCX testing requirements. D-14 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Table D-5. Options Setup Tab Parameters (Continued) Parameter Value Default Value Definition Reset AP Enabled Configuration (checked) at the start of Disabled each test case (unchecked) Disabled Enable this option if the test engine should reset the configuration of the three APs at the start of each test case. When you select multiple test cases to run, the test engine groups the test cases according to the required AP, and runs the tests in a group together. The AP configuration is always reset at the start of the first test case in each group. If this option is disabled, the AP configuration is changed only incrementally for the remaining test cases in the group. For more details, see “Selecting Multiple Test Cases for Faster Test Execution” (page 1-14). Continue with Disabled Test till the (unchecked) end if the Test Enabled fails (checked) Disabled Specifies that a test case will not terminate immediately and will continue as long as possible if a test failure is encountered. By default, this option is disabled and a test case will terminate immediately if a test failure is encountered. Use the Radio A following Radio B channels in test where test Radio G plan allows any channel to be used 36 Specifies the radio channel to be used in tests where the 1 CCX Test Plan allows the use of any channel. This 1 excludes the following tests: • CCXv2 AP-Assisted Roaming - 4.4.1, 4.4.3, 4.4.4 and 4.4.6. • CCXv2 Radio Measurement - 4.7.x.x • CCXv4 QBSS Channel Load - 6.2.1.x • CCXv4 Neighbor Response Frames - 6.2.2.4 • CCXv4 Adjacent AP Report Frame (Normal Roam, Load Balancing) - 6.2.4.2 • CCXv4 Traffic Stream Metrics - 6.7.1 • CCXv4 MBSSID - 6.10.x • CCXv4 Location Based Services - 6.11.x ASD Tab If you implement a custom ASD control library and define login parameters for connecting to the ASD, the ASD tab allows you to configure the custom login parameters for the ASD. In addition, the ASD tab allows you to specify the test tools supported by the ASD as described in Table D-6. Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 D-15 Figure D-9. ASD Tab D-16 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Note: When iperf is used to generate multicast traffic from the DIRECTOR, the source IP address of the multicast traffic is the primary IP address of the DIRECTOR’s Test-Net interface, which by default is 192.168.1.1. The DUT will receive this multicast traffic if its wireless interface has an IP address in the same subnet (192.168.1.0). However, the DUT is assigned an IP address in the 192.168.3.0 subnet by default, if the DIRECTOR is used as the DHCP server. To change this, delete the DHCP reservation (if any) for the DUT on the DIRECTOR as follows: 1. Right-click on the My Computer desktop icon, and select the Manage menu option. 2. Expand Services and Applications, followed by DHCP and Scope [192.168.3.0] STA-Net-A. 3. Select Address Leases in the left pane and right-click the entry that matches the DUT’s 192.168.3.x address, and select Delete. 4. You must also uncheck Use Director as DHCP Server in the Options Setup Tab in the CCX tests GUI. Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 D-17 Table D-6. ASD Tab Parameters Parameter Value Default Value Tools Enabled Enabled supported (checked) (checked) by the ASD: Disabled FTP (unchecked) Definition Specifies if the ASD supports file transfers using FTP. If this option is disabled, the following test steps are skipped: (a) Verify if a file can be transferred between the ASD under test and a wired host (b) Verify if a file can be transferred from the ASD under test to a wired host while the ASD performs a Radio measurement (c) Verify if the ASD under test asks the AP to buffer traffic while the ASD performs a Radio measurement In lieu of these steps, the test script prompts the user to transfer a large amount of data from the ASD to the Azimuth DIRECTOR using a method supported by the ASD. Tools Enabled Enabled supported (checked) (checked) by the ASD: Disabled Multicast (unchecked) Specifies if the ASD can send and receive multicast traffic. If this option is disabled, the following test step is skipped: (a) Verify if the ASD under test can receive multicast traffic from a wired host. In addition, the AP-Assisted Roaming Test and the CCKM Authentication Test are skipped because they use multicast traffic to measure roam time. Tools Enabled Enabled supported (checked) (checked) by the ASD: Disabled Chariot (unchecked) Specifies if the ASD can act as a Chariot endpoint. If the ASD does not support Chariot, the WMM Functionality Tests will fail because they require Chariot to generate prioritized traffic and measure the throughput of prioritized and non-prioritized traffic. To generate Use mcast multicast traffic from the Director Use iperf Specifies that the mcast tool be used to generate multicast traffic from the Azimuth DIRECTOR. The mcast tool generates multicast traffic that has the IP Protocol field set to 0xFF. Prompt the user D-18 Use mcast Specifies that the iperf tool be used to generate multicast traffic from the Azimuth DIRECTOR. The iperf tool generates UDP multicast traffic on the default iperf port (5001). Prompts the user to use a tool of their choice to generate multicast traffic from the Azimuth DIRECTOR with specified parameters. Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Table D-6. ASD Tab Parameters (Continued) Parameter Value Run Windows Tests Default Value Definition Enabled (checked) Disabled Specifies that CCX tests applicable to Windows clients should (unchecked) be run with the selected ASD under test. This option is useful for testing wireless clients on versions of the Windows Disabled operating system that are not supported on Azimuth STM or (unchecked) WSC modules. This includes the Windows Vista operating system. Enabling this option causes the following changes: • The Test Selection tab displays the list of tests that are applicable to Windows clients. • The test script assumes that the ASD under test supports features such as EAP-TLS authentication and CKIP/CMIC encryption that are required to be supported by Windows clients. • For WMM Functionality testing, the test script assumes that the ASD under test supports the maximum 802.11 bandwidth, instead of using the High_Performance_Throughput Chariot script to determine the maximum bandwidth supported by the ASD. • For Network Admission Control tests, you must specify the ASD Operating System – “Windows2000,” “WindowsXP,” “WindowsVista,” etc. The test script assumes that the CiscoSecure ACS is configured to assign clients running unsupported versions of Windows (such as Windows Vista) to VLAN 2. EAP Type Supported LEAP EAP-TLS EAP-FAST LEAP Specifies the EAP Authentication type to be used in the EAP Functionality tests (7.3.1 and 7.5.1). The CCX Test Plan allows the ASD Under Test to use LEAP, EAP-TLS or EAP-FAST in these tests. Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 D-19 Log Tab Figure D-10. Log Tab Table D-7. Log Tab Parameters D-20 Parameter Value Default Definition Value [ Clear ] N/A N/A Clears messages from the log results window. [ Close ] N/A N/A Closes the dialog box and stops current testing. Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 System Log Tab Figure D-11. System Log Tab Table D-8. System Log Tab Parameters Parameter Value Default Definition Value [ Clear ] N/A N/A Clears messages from the system log results window for this tab only. [ Close ] N/A N/A Closes the dialog box and stops current testing. Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 D-21 Results Tab Figure D-12. Results Tab Table D-9. Results Tab Parameters Parameter Definition CCX Test # Specifies the number of the CCX test, which corresponds to the number assigned to that test in the CCX Test Plan. Description Summarizes the intent of the specified test. Status Shows the results of running the test. The results can be Not Run or Running, or the number of times that the test passed, failed, completed with errors or was skipped, e.g. 3 Passed, 1 Failed. The Status is displayed in green if the test passed in the last run, and in red if the test failed or completed with errors in the last run. Comment Specifies the test failure reason if a test fails. D-22 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Table D-9. Results Tab Parameters (Continued) Parameter Definition [ Export CSV ] Enables the export of the current test results in comma separated value (CSV) spreadsheet format. [ Export HTML ] Enables the export of the current test results in HTML format. [ GO ] Starts CCX testing. [ Clear ] Clears messages from the system log results window for this tab only. [ Close ] Closes the dialog box and stops current testing. Common Tab Parameters Table D-10. Common Parameters in All Tabs Parameter Value Verbose Logging On Default Definition Value Off When enabled, specifies that a highly detailed log of events be created. 0 Specifies the number of times the test will run. A Repeat Count of 0 means that all selected test cases will be run once. A Repeat Count of 1 means that all selected test cases will be run twice. Off Repeat Count 0 - 1024 Repeat a Test Case Only If It Fails On (checked) Off Gap 0.1 - 60.0 Off (not checked) 1.0 When enabled, a test case is repeated only if it fails. Test cases that pass are run only once. Specifies the delay that will occur in between running different test iterations. Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 D-23 D-24 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Index Numbers D 802.11/Noise Tab Parameters, D-6 DUT Setup Tab Parameters, D-9 A F AAA Client Configuring, A-8 Faster test execution, selecting multiple test cases for, 114 AAA Server Configuring, A-8 FTP Configuring, A-51 ACS Installing and Configuring, A-4 I ACS User Configuring, A-8 Implementing the ASD Control Library, A-1 AP/Radius/WLSE Tab, D-8 Importing Azimuth Certificates for PEAP/TLS Authentication, A-13, A-20 ASD Tab, D-15 Parameters, D-18 Info Tab, D-1 Parameters, D-1 Automated Station Configuration, B-1 Installing the ACS, A-4 Azimuth CCX Pre-Certification Benchmark Test Parameter Definitions, D-1 Introduction, 1-1 Azimuth Certificates Importing for PEAP/TLS Authentication, A-13, A-20 L C Log Tab, D-20 Parameters, D-20 CCX Benchmark Test Automation Support for, B-1 M CCX Noise Tests Setting Up, A-77 Multiple test cases, selecting, 1-14 Chariot Configuring, A-77 O Cisco AP Upgrading, A-50 Options Setup Tab Parameters, D-13 Common Parameters, D-23 P Common Tab Parameters, D-23 Configuring the ASD in the Azimuth Director Device Manager, A-2 Parameter Definitions 802.11/ Noise Tab, D-6 AP / Radius / WLSE Tab, D-9 Azimuth CCX Pre-Certification Benchmark Test, D-1 Common Parameters in All Tabs, D-23 Info Tab, D-1 Log Tab, D-20 Results Tab, D-22 System Log Tab, D-21 Test Bed Setup Tab, D-2, D-3 Configuring the Station Under Test STM, 1-8 Physical Configuration, 1-5, 1-6 Configuring Chariot, A-77 Configuring FTP, A-51 Configuring TFTP, A-53 Configuring the AAA Client, AAA Server and ACS User, A-8 Configuring the ACS, A-4 Configuring the Test Bed Client STM, 1-8 Configuring WLSE, A-57, A-58 R RADIUS Setup Tab, D-6 Index-1 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Parameters, D-6 WLSE and AP Discovery, A-58 Required Hardware/Software, 1-3 Azimuth-Provided, 1-3 WLSE and AP discovery, A-58 Required Hardware/Software, Customer-Provided, 1-3 Results Tab, D-22 Parameters, D-22 Reviewing Test Results, 1-19 RF Connections, 1-5 RUnning the Azimuth CCX Benchmark Test, 1-11 S System Log Tab, D-21 Parameters, D-21 T Test Bed Setup Tab, D-3 Parameters, D-3 Test Selection Tab, D-11 Parameters, D-11 TFTP Configuring, A-53 Theory of Operation, 1-2 U Upgrading the Cisco AP, A-50 V VLAN Configuration, C-1 VNC Installing, A-79 W WLSE client walkabout, creating, A-68 Configuring, A-57, A-58 configuring, A-57 deleting RM measurements, A-63 displaying faults to verify rogue AP detection, A-68 managing/unmanaging devices, A-62 Network Connection, A-58 network connection to, A-58 radio parameter generation, A-73 RM, A-65 seeding devices, A-59 specifying WLCCP for WDS, A-59 viewing discovery logs, A-62 walkabout, running, A-72 Using the Azimuth CCX Pre-Certification Benchmark Test Suite Rev. v4.6 Index-2