WLAN Configuration

WLAN Templates and Configuration 

A WLAN template is a collection of WLAN policies, Tunneling Policies and WxLAN policies. A WLAN template is a powerful tool for creating and managing WLAN configurations at an organizational level. WLAN templates are used for configuring the SSIDs and to dictate which SSIDs get applied to which sites/site-groups or AP device profiles. Creating...

WLAN Status

These configuration knobs control enabling/disabling a WLAN on the access points and other important configuration. Hidden SSID is supported, but not recommended. Access points will respond to probe requests. Radio Band – controls on which band this SSID is published: 2.4 GHz, 5 GHz, 6 GHz. Band Steering – Band Steering technology detects whether a connected...

Apply Multiple WLANs to APs

We bulk edit WLANs together and assign them to the intended APs with just a single UI configuration change.  You can select the WLANs you wish to edit together and make a single change to be applied across all of them.  In addition to adding APs to WLANs, you can also add and remove labels....

Apply WLANs to Access Points

This section in the WLAN configuration is used to control which Access points will get this WLAN configuration. By default, all the APs in a selected site or site-group will get the WLAN configuration and beacon the SSID. Based on the use-case or the requirements, filters can be applied to have the WLAN configured only...

Data Rates

Supported data rates for clients may be modified per WLAN. Navigate to the Data Rates section under the WLAN configuration in template or site level WLANs. The PHY header is always sent at the minimum supported PHY rate for the band, it’s important to remember that the clients have to decode the MAC header in...

Bonjour and Bonjour Gateway

Bonjour is a type of zero-configuration networking protocol that was developed by Apple, to enable auto discovery of devices and services on a local network. For devices and services to be discoverable by each other, they must be connected to the same network segment/same VLAN. Bonjour uses mDNS, which is DNS-form of queries that are...

Isolation and Filtering

Mist APs support the following peer-to-peer (layer 2) isolation options. • Disabled – no peer-to-peer block enabled. Default behavior. • Same AP – This blocks peer-to-peer traffic on the same AP. • Same Subnet – This blocks peer-to-peer traffic destined for the same subnet (wired and wireless). Please note...

802.11k, 802.11r, and 802.11v

802.11k, 802.11r, and 802.11v are integral in improving the experience of Wi-Fi clients, specifically around mobility and roaming.  Mist supports all three.  Ultimately roaming is the decision of the client; however, the infrastructure can help the client to make better roaming decisions. 802.11k: 802.11k helps clients discover neighboring APs, reducing the need for the...

Custom WLAN Forwarding

By default the WLAN will output as tagged or untagged traffic through the primary Ethernet port, Eth0. It is possible to send the entire SSID out of the second Ethernet port. This is useful for complete isolation of voice or guest traffic, but it doubles cable costs, but can be used in a...

Multi PSK

Every PSK (Pre-shared Key) has a Key Name. This name is reported in the Mist Management platform. Allows user-level accountability with PSK simplicity. If a PSK is compromised there is no need to change every client. Multiple users allows any number to use the key. Single user ties this key to a specific MAC...

SSID Scheduling

SSID Scheduling allows you to customize your WLAN by choosing the exact days and times to broadcast the SSID.  This scheduling function allows users to add multiple time ranges for each day. To use SSID Scheduling, navigate to Network > WLANS and either create a new one or click into an existing one to edit.  Find the SSID...

WPA-2/EAP(802.1x) Security

Add the primary RADIUS server at the top of the list. Add Accounting servers if required. Multiple RADIUS Authentication and Accounting servers are supported. NAS Identifier – this can be used by the RADIUS server to make decisions. NAS IP address – again can be used by the RADIUS server. Note: The IP address of each...

WLAN Security

WPA-2/PSK – standard pre-shared key network. Reveal shows the key. WPA-2/EAP – RADIUS-based authentication. WPA-3/SAE – passphrase with better security than WPA-2. Open Access – unencrypted network typically used for guest networks. WPA-2/PSK with Multiple Passphrases – hundreds of different keys can be used on the same WLAN. MAC authentication – can be...

Bridged DHCP – Virtual Machine Support

By default Mist drops unknown DHCP responses to wireless clients; essentially, the client must be directly associated to the AP for DHCP to be forwarded.  This will cause bridged virtual machines to fail DHCP.  Mist has a knob called enable wireless bridging which will allow bridged VMs to be able to connect to a Mist...

COA/DM Server

Configuring a network with your CoA/DM server is an easy process with the Mist dashboard.  Just follow the steps below – all you need is the IP address and shared secret of your server. Create a WLAN with EAP (802.1X) security by navigating to Network > WLANs and selecting Add WLAN.  Enter in your RADIUS server IP and secret....

Geofencing

The Geofencing feature allows the admin to configure the minimum client RSSI needed for a client to successfully connect to the network. This feature can be enabled to make sure a user is within your facility or coverage area before offering them service. To enable Geofencing, navigate to Organization > WLAN Templates, select the WLAN in...

Hotspot 2.0

Hotspot 2.0 (or Passpoint) allows automatic secured connections for mobile devices to enable a seamless user experience for various use-cases, such as public guest networks, carrier WiFi offload, Eduroam services and many more. Passpoint enables automatic network connection regardless of the SSID name, relying instead on 802.11u information received in the beacon or via ANQP exchange...

Jumpcloud for Radius

Step #1 Log in to your jump server <if not registered, register with your email> Active Directory and LDAP Reimagined   Step #2 Create your Radius client:   Click on the Radius tab > click on the “+” button to add a radius server   We need to make sure we add the external IP as radius client IP and...

MAC Authentication

Can be enabled with any security. RADIUS Server then used to authenticate using MAC address as username and password. Change of Authorization (COA) – again an external server can instruct the re-authentication of a client. VLAN can also be untagged, tagged or dynamic in the same way as 802.1x wireless can. Optionally, ‘Guest Access with Mac...

Multi PSK – Mist IoT Assurance

The Mist IoT Assurance cloud service streamlines IT operations while securing network connections for headless IoT and BYOD devices. It uses Multi Pre-Shared Key (MPSK) or Private Pre-Shared Key (PPSK) as new types of identity and policy vectors to provide a simple yet comprehensive way to onboard client devices without relying on client MAC addresses....

Personal WLANs

Personal WLANs are secure micro-segmented networks across a single WLAN.  These Personal WLANs are created by generating unique keys to access the SSID.  Each of these keys automatically creates a segment of the WLAN, isolated from the other Personal WLANs on the same network.  This is limited to 5000 PSKs (with suggested/select firmware). To set...

QoS Override

Override the QoS Priority in the WLAN Configurations page by selecting Override QoS and choosing Wireless Access Class from the dropdown menu.   For QoS override, on downstream (AP->Client), traffic gets marked with whatever QoS override Access Class value is set. For upstream (Client->AP), marking is not supported, so packets are marked with CS0.

RadSec

RadSec is a protocol which allows RADIUS servers to transfer data over TCP and TLS for increased security.  With RadSec capabilities, you can transfer RADIUS packets through public networks while still ensuring end-to-end security through the transport layer.  This feature is configurable using our Mist API or directly from the UI. UI configuration: To...

TKIP Security

Please note: TKIP Encryption is not available by default.  If you would like to use TKIP in your WLAN, please contact us and we will enable this feature for you. WPA-2 with TKIP is enabled for compatibility with older clients that cannot be connected with the AES encryption protocol.  If your device is compatible, we...

URL-redirect AVP

Requires 0.7 or newer firmware. With our URL-redirect AVP function, you can now configure a WLAN to redirect a user to a particular web page after 802.1X authentication has been successfully completed.  This web redirect can be configured to give the user either full or partial access to the network.  Use the URL-redirect function to...

VLANs (Static & Dynamic)

STATIC VLANs: First configure a WLAN by going to Network > WLANs and then select Tagged in the VLAN section to configure a static VLAN for your network.  Here, enter your VLAN ID and make sure the same VLAN is tagged on your switch port. By default a WLAN will be set not to use...

WEP Security

Please note: WEP Authentication is not available by default.  If you would like to use WEP in your WLAN, please contact us and we will enable this feature for you. WLANs with WEP are enabled for compatibility with older clients that cannot be connected with more modern security protocols such as WPA-2. If...

WLAN Rate Limiting

The WLAN rate limit feature enables the admin to cap the maximum rate a user can achieve per WLAN, per user or per application. To configure rate limiting on a WLAN, navigate to WLAN configuration in template or site level WLAN and select the WLAN. WLAN Rate Limit: Specify the total uplink/downlink for...