Interoperability report Ascom i62, sw 5.5.5 ZyXEL NWA5123-AC, sw V5.0.0 (AAIG.3) / V1.02 ZyXEL WAC5302D-S, sw V5.0.0 (AAIG.3) / V1.02 ZyXEL WAC6100 series, sw V5.0.0 (AAIG.3) / V1.02 ZyXEL WAC6500 series, sw V5.0.0 (AAIG.3) / V1.02 ZyXEL NXC2500, NXC5500, sw V5.0.0 (AAIG.3) / V1.02 17/03/2017 1
Introduction This document describes necessary steps and guidelines to configure the ZyXEL Communication Corps solutions WLAN platform with Ascom i62 VoWiFi handset. The guide should be used in conjunction with both ZyXELs and Ascoms configuration guide(s). About Ascom Ascom is a global solutions provider focused on healthcare ICT and mobile workflow solutions. The vision of Ascom is to close digital information gaps allowing for the best possible decisions anytime and anywhere. Ascom s mission is to provide mission-critical, real-time solutions for highly mobile, ad hoc, and time-sensitive environments. Ascom uses its unique product and solutions portfolio and software architecture capabilities to devise integration and mobilization solutions that provide truly smooth, complete and efficient workflows for healthcare as well as for industry and retail sectors. Ascom is headquartered in Baar (Switzerland), has subsidiaries in 15 countries and employs around 1,300 people worldwide. Ascom registered shares (ASCN) are listed on the SIX Swiss Exchange in Zurich.Wireless Solutions. About ZyXEL Communication Corps Focused on innovation and customer-centricity, Zyxel Communications Corp. has been connecting people to the internet for nearly 30 years. We keep promoting creativity which meets the needs of customers. This spirit has never been changed since we developed the world's first integrated 3-in-1 data/fax/voice modem in 1992. Our ability to adapt and innovate with networking technology places us at the forefront of understanding connectivity for telco/service providers, businesses and home users. We're building the networks of tomorrow, helping unlock the world's potential and meeting the needs of the modern workplace; powering people at work, life and play. We stand side-by-side with our customers and partners to share new approaches to networking that will unleash their abilities. Loyal friend, powerful ally, reliable resource we are Zyxel, Your Networking Ally.. 17/03/2017 2
Site information Test site Lumiad Veldzigt 24 3454PW De Meern The Netherlands Participants V. Lastdrager, Lumiad N. Crijns, Lumiad TEST TOPOLOGY 17/03/2017 3
Summary Please refer to Appendix B for detailed results for respective access point. ASSOCIATION / AUTHENTICATION Test Description Result #101 Association with open authentication, no encryption PASS #104 Association with WPA-PSK authentication, TKIP encryption PASS #105 Association with WPA-PSK authentication, AES-CCMP encryption PASS #106 Association with WPA2-PSK authentication, TKIP encryption PASS #107 Association with WPA2-PSK authentication, AES-CCMP encryption PASS #110 Association with PEAP-MSCHAPv2 auth, AES-CCMP encryption PASS #115 Association with multiple ESSIDs on AP PASS POWER-SAVE AND QOS #150 802.11 Power-save mode PASS #151 Beacon period and DTIM interval PASS #152 802.11e U-APSD PASS #202 WMM prioritization PASS ROAMING AND HANDOVER TIMES #401 Handover with open authentication and no encryption PASS #403 Handover with WPA-PSK authentication and TKIP encryption PASS #404 Handover with WPA2-PSK auth and AES-CCMP encryption PASS #408 Handover with PEAP-MSCHAPv2 authentication and AES-CCMP encryption PARTIAL* #409 Handover with EAP-FAST authentication with CCKM PASS #410 Handover using PMKSA caching PASS #411 Handover using PMKSA and opportunistic/proactive key caching PASS 17/03/2017 4
BATTERY LIFETIME #501 Battery lifetime in idle 75 hours to 94 hours #502 Battery lifetime in call with no power save 2 to 3 hours #504 Battery lifetime in call with power save mode U-APSD 7 to 10 hours BATTERY LIFETIME #601 Duration of call Active Mode PASS #602 Duration of call U-APSD Mode PASS 802.11n #801 Frame aggregation A-MSDU PASS #802 Frame aggregation A-MPDU PASS #804 40Mhz channels PASS #805 802.11n rates PASS *) See known OKC issue regarding WAC5302D-S on pp. 6-7. 17/03/2017 5
General conclusion The result of the verified test areas, such as authentication, association, handover and call stability test, showed very good findings. Some settings are required to ensure good voice quality on 5 GHz with WAC6500 series. The roaming times, on open, PSK and 802.1x MS-CHAPv2 were adequate and were in the range between 25ms to 70ms. The exception to this was the WAC5302 in combination with 802.1x MS- CHAPv2. Roaming times found were around 250ms, consistently, which indicate that OKC is not working properly. However loss of connection did not occur. It is strongly advised to keep roaming times below 150 ms. A number of settings are required to set in the ZyXEL Controller and i62 handset in order to get the best performance out of the handset. It is highly recommended to use QoS for the most optimal speech quality when in call. U-APSD/WMM is required for the most optimal battery usage. Without this setting the battery will drain rapidly! U-APSD is disabled by default in the system and must be enabled through the CLI on the Zyxel controller. The recommended setting for DTIM is 5. The tested battery lifetime on standby is around 80 hours. Keeping the DTIM to 1 (system default) will half the active standby and active call time. Note that the age of the battery in the handset has a great impact on battery life expectancy. An older battery will have less battery lifetime then a fresh one. It is recommended to follow the best practice of Ascom in regards to channel planning and channel bonding, as shown below: General guidelines when deploying Ascom i62 handsets in 802.11a/n/ac environments: 1. Enabling more than 8 channels will degrade roaming performance. Ascom recommends against going above this limit. 2. Using 40 MHz channels (or channel-bonding ) will reduce the number of non-dfs* channels to two in ETSI regions (Europe). In FCC regions (North America), 40 MHz is a more viable option because of the availability of additional non-dfs channels. The handset can co-exist with 40 MHz stations in the same ESS. 3. Ascom do support and can coexist in 80MHz channel bonding environments. The recommendations is however to avoid 80MHz channel bonding as it severely reduces the number of available non overlapping channels. 4. Make sure that all non-dfs channel are taken before resorting to DFS channels. The handset can cope in mixed non-dfs and DFS environments; however, due to unpredictability introduced by radar detection protocols, voice quality may become distorted and roaming delayed. Hence Ascom recommends if possible avoiding the use of DFS channels in VoWIFI deployments. *) Dynamic Frequency Selection (radar detection) It is highly recommended to deploy the VoWLAN network to the 5 GHz frequency whenever possible, due to non-overlapping channels and less chance of non-wifi interference. If 2.4 GHz does have to be used then it is recommended that 802.11b is turned off. 17/03/2017 6
The performance test cases #301-310 have not been executed, as the required amount of devices for the test (50+ handsets) were not available during the testing period. Known Issues When not enabling the U-APSD the handset s battery lifetime will last 3 to 4 hours. Therefore it is required to enable this setting at any given time. When U-APSD is enabled on a WAC6500 series 5 GHz radio, the radio will restart every 5 seconds. To prevent this from happening the 802.11n rates in the handset need to be disabled. When authenticating with WPA-PSK or WPA2-PSK in combination WAC5302D-S, do not use spaces in the passphrase. Spaces are not recognised as valid characters, although the GUI allows it to enter them and does not provide a warning. Roaming with the WAC5302D-S in combination with 802.1x security takes 200 ms to 250 ms, regardless of radio (Workaround: Use WPA2-PSK in VoWiFi deployments). Test Configuration Ascom WLAN Infrastructure Verification Software versions: ZyXEL NWA5123-AC, sw V5.0.0 (AAIG.3) / V1.02 ZyXEL WAC5302D-S, sw V5.0.0 (AAIG.3) / V1.02 ZyXEL WAC6100 series, sw V5.0.0 (AAIG.3) / V1.02 ZyXEL WAC6500 series, sw V5.0.0 (AAIG.3) / V1.02 ZyXEL NXC2500, NXC5500, sw V5.0.0 (AAIG.3) / V1.02 Ascom i62, version 5.5.5 SNOM 300, version 8.7.5.35 Yealink VP-T49, version Signalling Protocol Yaestar MyPBX Configuration of WLAN System: Beacon Interval: 100ms DTIM Period: 5 802.11g(n) 802.11a(n/ac) WMM/ U-APSD Enabled (See appendix A on procedure to enable U-APSD) 802.11d Regulatory Domain: World mode Ascom i62 Configuration: World Mode Regulatory Domain set to World mode. 17/03/2017 7
IP DSCP for Voice: 0x30 (48) Class selector 6 IP DSCP for Signalling: 0x1A (26) Assured Forwarding 31 17/03/2017 8
Appendix A: Test configurations ZyXEL NXC2500 and 5500, ZyXEL NWA5123-AC, WAC5302D-S, WAC6100 series and WAC6500 series. In the following chapter you will find screenshots and explanations of basic settings in order to get the ZyXEL Communications Corp solution operational with Ascom i62. Please note that security settings were modified according to requirements in individual test cases. Create a Security Profile. Located under Configuration -> Object -> AP Profile -> Tab SSID -> Second Tab, Security List. 17/03/2017 9
Create a new profile by clicking on Add or edit an existing one Fill out the Profile name Select the Security mode Select PSK under Authentication Settings Fill out the Pre-Shared Key o NB. When using the WAC5302 do not use spaces in the pre-shared key Select the Cipher Type. AES is strongly recommended Click on OK to submit the settings Create an SSID. Located under Configuration -> Object -> AP Profile -> Tab SSID -> First Tab, SSID List. Create a new profile by clicking on Add or edit an existing one Fill out the Profile name Select the desired Security Profile Select WMM under QoS Band Select is not required for the i62 as it operates on only one frequency It is recommended not to enable Hidden SSID 17/03/2017 10
Create a Radio Profile. Located under Configuration -> Object -> AP Profile -> Tab Radio. At least two Radio Profiles need to be created. One to be used by the 2.4 GHz radio and one to be used by the 5 GHz. 17/03/2017 11
Create a new profile by clicking on Add or edit an existing one Click on Show Advanced Settings to display all settings Fill out the Profile name Select the desired 802.11 Band Select the desired Channel Width o NB. 20 MHz is recommended for both 2.4 GHz and 5 GHz Select the channel to be used with the Channel Selection o When using fixed channels select Manual and then the desired channels. Be aware that extra Radio Profiles need to be created for the other channels. 17/03/2017 12
o When using DCS select manual instead of auto in the 5 GHz Channel Selection Method then select 36, 40, 44, 48. Set the desire Country Code Set the Guard Interval to Long Set the DTIM to 5 Click on OK Create AP Group. Located under Wireless -> AP Management -> AP Group. 17/03/2017 13
17/03/2017 14
Create a new profile by clicking on Add or edit an existing one Fill out the Profile name Select the correct radio profile under Radio 1 AP Profile Input the desired Max Power Output o NB. Between 12 to 17 dbm is advised Select the SSID Profiles to be transmitted by Radio 1 o NB. It is advised to use only 5 GHz for the i62 Select the correct radio profile under Radio 2 AP Profile Input the desired Max Power Output o NB. Between 12 to 17 dbm is advised Select the SSID Profiles to be transmitted by Radio 2 Adjust the VLAN Configuration as required Enable Load Balancing if desired o NB. The i62 will make its own roaming decisions well before the load balancing feature does need to do anything. It has no impact on the roaming behaviour of the i62 Add the desired access points from the Available list to the Member List. Click on OK Activating U-APSD Open your favourite CLI tool, like PuTTY or Bitvise. Connect to the WLC with your tool. Enter the following commands into the command line: Router(config)# wlan-ssid-profile [default] Router(config-wlan-ssid default)# uapsd Router(config-wlan-ssid default)# exit Router(config)# write Where [default] needs to be replaced with the name of the SSID profile name to which the handsets will connect. NB. Please be aware that this is NOT an optional step, but a requirement for optimal battery performance. 802.1x usage If 802.1x is used, both the internal and an external RADIUS server can be utilised. ZyXEL Communications Corp supports both the internal RADIUS in the WLC, such as Microsoft NPS or FreeRADIUS. If the internal RADIUS is used the default RADIUS has to be configured in the security profile. Go to Configuration -> Object -> AP Profile -> Tab SSID -> Secondary Tab Security List. 17/03/2017 15
Create a new profile by clicking on Add or edit an existing one Fill out the Profile name Disable 802.11r (not supported by Ascom i62) Keep the Radius Server Type on Internal. Select 802.1X under Authentication Settings. Select default as Auth. Method. Click on OK. 17/03/2017 16
Next users need to be added. Go to Configuration -> Object -> User/Group Create a new user by clicking on Add or edit an existing one Provide the desired User Name Select user under User Type Provide the desired password under Password Retype the password Click on OK 17/03/2017 17
If an external RADIUS is used it needs to be configured. Configure the wanted external RADIUS under WLAN Controller -> Profiles -> RADIUS Profiles. If the internal RADIUS server of the WLC is to be used, please configure this under RADIUS Server -> General. 17/03/2017 18
Create a new profile by clicking on Add or edit an existing one Fill out the desired Name of the profile Fill out the Server Address Fill out the RADIUS port as the Authentication Port Provide the NAS password in the Key The complete configuration of the external RADIUS server is beyond the scope of this document. The external RADIUS should have the WLC in it as its trusted NAS device in order to provide 17/03/2017 19
Network settings Ascom i62 I62 networks settings for WPA2 In the 802.11a/n channels select either UNII-1 or advanced and fill out the recommended channels in the box below. The Advanced: 802.11 channels. Transmit gratuitous ARP is advised to enable for the switched infrastructure behind the access points. NB. When using the WAC6500 series select 802.11a instead of 802.11a/n! 17/03/2017 20
I62 network settings for 802.1X authentication (PEAP-MSCHAPv2) Set Security mode to PEAP-MSCHAPv2 Input the user credentials under EAP authentication user name Input the password under EAP authentication password Set Validate server certificate to No NB. The credentials can differ per i62 handset if required, depending on if the RADIUS server allows multiple devices to authenticate to the network on the same user account. 17/03/2017 21
I62 network settings for 802.1X authentication (TLS) Set Security mode to PEAP-TLS Input the user credentials under EAP authentication user name. This is the same name to which the certificate is generated Select the certificate under EAP client certificate Set Validate server certificate to No NB. The credentials can differ per i62 handset if required, depending on if the RADIUS server allows multiple devices to authenticate to the network on the same user account. 17/03/2017 22
Upload a Root Certificate to the phone Upload a Client Certificate to the phone 17/03/2017 23
Appendix B: Detailed Test Records: The tables below describes all tests that have been performed with the i62 VoWiFi handset and the different models access points. There is one column per model access point and one table per frequency. Per access point all tests have been performed twice. Once for 2.4 GHz and once for 5 GHz. Of the WAC6500 series both the WAC6502D-S and WAC6503D-S were tested. Test for 2.4 GHz NWA5123-AC WAC5302D-S WAC6103D-I WAC6503D-S Pass 28 28 28 56 Fail 0 0 0 0 Untested 7 7 7 14 Total 35 35 35 70 Test for 5 GHz NWA5123-AC WAC5302D-S WAC6103D-I WAC6503D-S Pass 28 28 28 56 Fail 0 0 0 0 Untested 7 7 7 14 Total 35 35 35 70 Please refer to the attached xlsx documents for detailed information regarding the tests. There is one excel file per access point model. WLANinteroperabili tytestreport_rev D - WLANinteroperabilityTestReport_Rev D ZyXEL - i62-handset 17032017.xls 17/03/2017 24
Document history Revision Date Author Description 001 17-03-2017 N Crijns Initial draft 002 31-03-2017 R Veenis Textual modifications 003 31-03-2017 N Crijns Final test additions 004 28-04-2017 N Crijns Reviewed additions 005 28-04-2017 M Nicolai Model corrections 17/03/2017 25