Trapeze Re-certification

19 06 2007

I just failed my Trapeze re-cert by two points. D’oh.

I was originally trained on version 1.0 of the software and it is now at version 5.x. Even though I’ve used it regularly, there are things in the later versions that I simply don’t have experience of…

So I thought I would write up my notes from the partner update training to get the new stuff to stick in my head.

New Features in Version 5 MSS

3-Year Self-Signed Certificates – Previously a self-signed certificate (generated on the MX rather than obtained from a certificate authority) only had a validity period of one year.

MX-MX Security – When a user roams to an MX that doesn’t have his VLAN, a tunnel is made between the two MXes. This can now be encrypted, for example if the MX that was roamed to is separated from the user’s “home” MX by an unsecure network.

Local Firmware on MPs – Some Mobility Points (the MP-372) can store their firmware locally. The purpose of this is to reduce the time it takes to boot up, and reduce the load on the MX that they boot from. The MPs still check if there is a newer version available though.

Keep-Initial-VLAN – This is a new service profile option. If an 802.1X user is not assigned to a VLAN by AAA, and subsequently roams to an MX where the VLAN he was in does not exist, a tunnel is set up so that the user stays in that VLAN. This does not work for web portal clients, however.

U-APSD – Unscheduled Auto Powersave Delivery is a powersaving mode for certain wi-fi handsets. Not sure of the details, but basically it prevents the wireless clients from waking up to hear non-important traffic. Note: this works in WMM QoS mode only.

WebView – there is now a web-interface for the MX switch that permits configuration of most things, including the creation of a service and authentication of users on that service by RADIUS.

Simplified Web-Portal Access – There used to be a special “system” user called last-resort-<SSID> to which unauthenticated users on a guest wireless network were assigned temporarily. This could be deleted by people who didn’t know what it was for, and this would break the guest access… That special user is now no longer needed. Note that the other special users (last-resort-wired and web-portal-wired) are still needed for wired guest users.

DHCP Options – If you make the MX into a DHCP server, you can now specify the DNS servers, domain name and default gateway for the MPs.

Airdefense – MPs can now be configured to be Airdefence sensors for IDS/IPS. You need to put a special .bin file onto the MX and push that out to the MP via the CLI, or configure the MP as an Airdefense sensor via Ringmaster. Airdefense alarms can also be received by Ringmaster.

Aeroscout – Permits RFID tracking. The tag information is picked up by the MPs and relayed to the Aeroscout tracking engine.

If you are upgrading to version 5, you need to be at least at version 4.7 before you do so.

Ringmaster Changes in Version 5

  • New dashboard
  • Planning licence has been moved from the client to the server
  • There is an incremental licence system. RMTS allows management of 1 MX and 5 MPs, and any 50 or 100 MP licences you add are added to that. Once more MP licences are added, the number of MXes manageable is then unlimited.
  • There is a Java webstart for Ringmaster.
  • There is now a web interface on the server.
  • Ringmaster is now available for OSX.
  • There’s something called RSSI smoothing. I don’t know what that means. Better find out I guess…



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: