Technology Solution Guide Deploying the Janam XM66 and XG100 with Aruba Networks Secure Mobility Solution H/W Version: XM66 S/W Version : ROM 1.07.00.1067 H/W Version: XG100 S/W Version : ROM WM6_XG100_OSB55508 This document describes the best practices for configuring the Janam PDA and Janam gun with Aruba s secure mobility infrastructure.
WARRANTY DISCLAIMER THE FOLLOWING DOCUMENT, AND THE INFORMATION CONTAINED HEREIN IS PROVIDED ON AN "AS IS" BASIS. ARUBA MAKES NO REPRESENTATIONS, WARRANTIES, CONDITIONS OR GUARANTEES AS TO THE USEFULNESS, QUALITY, SUITABILITY, TRUTH, ACCURACY OR COMPLETENESS OF THIS DOCUMENT AND THE INFORMATION CONTAINED IN THIS DOCUMENT. DISCLAIMER OF LIABILITY Aruba Networks, Inc. disclaims liability for any personal injury, property or other damages of any nature whatsoever, whether special, indirect, consequential or compensatory, directly or indirectly resulting from the certification program or the acts or omissions of any company or technology that has been certified by Aruba Networks. Certification does not mean that the company is a subcontractor or under the technical control or direction of Aruba Networks. In conducting the certification program Aruba Networks is not undertaking to render professional or other services for or on behalf of any person or entity. Deploying Janam XM66 and XG100 with Aruba Networks Secure Mobility Solution 1
Table of Contents Table of Contents... 2 Introduction... 3 Solution Components... 3 Aruba Campus WLAN Solution... 3 Janam XM66 Rugged PDA... 4 Janam XG100 Rugged Gun... 4 ArubaEdge Solution Qualification... 5 Qualification Objective... 5 Network Topology... 5 Test Methodology... 6 Summary Test Results... 6 Known Limitations... 7 Conclusion... 7 APPENDIX A... 8 Configuration... 8 Janam XM66 Configuration and Settings... 8 Janam XG100 Configuration and Settings... 9 Aruba Mobility Controller Configuration and Settings... 10 About Aruba... 13 About Janam... 13 Product Support Information... 13 Deploying Janam XM66 and XG100 with Aruba Networks Secure Mobility Solution 2
Introduction This document describes the steps and guidelines necessary to configure Aruba s wireless LAN infrastructure to work interoperably with Janam s XM66 PDA and XG100 gun. The guide is intended to be used in conjunction with Aruba and Janam configuration guides. Please contact the respective company s sales engineering or support groups should additional information be required. Solution Verified: Janam XM66 PDA Janam XG100 Gun Aruba Product: Partner Solutions Tested: Aruba Wireless LAN Solution XM66W-1NGFBR00 ROM 1.07.00.1067 XG100W-LBGFBV00 ROM XG100_WM_ OSB55508 Solution Components Aruba Campus WLAN Solution Secure and reliable mobility is the responsibility of the enterprise network, which must support a wide range of converged clients over wireless, wired, and remote access networks. Laptops and smartphones are capable of simultaneously running voice, data, and now video applications, an operating model that breaks traditional dedicated VLAN and SSID architectures. Delivering the quality of service (QoS), bandwidth, and management tools necessary to accommodate these devices on a grand scale within a campus environment, to users on the road, and in branch offices requires a specially tailored system design. Aruba s unique application and device fingerprinting enable the system to detect the types of traffic flows, and the devices from which they originate. The network can then be dynamically conditioned to deliver QoS - on an application-by-application, device-by-device basis - as needed to ensure highly reliable application delivery. Aruba s integrated policy enforcement firewall isolates applications from one another to essentially create multiple dedicated virtual networks, and then allocates the necessary bandwidth for each user and application. To ensure reliable application delivery in changing RF environments, Aruba s Adaptive Radio Management (ARM) technology forces client devices to shift away from the noisy 2.4GHz band to the quieter 5GHz band, adjusts radio power levels to blanket coverage areas, load balance by shifting clients Deploying Janam XM66 and XG100 with Aruba Networks Secure Mobility Solution 3
between access points, and even allocates airtime based on the capabilities of each client device. The result is a superb user experience without any user involvement. These services are complemented by security systems that ensure the integrity of the network. Rogue detection, wireless intrusion and prevention, access control, remote site VPN, content security scanning, end-to-end data encryption, and other services protect the network and users at all times. Aruba s extensive portfolio of campus, branch/teleworker, and mobile solutions simplify operations and secure access to unified communications applications and services - regardless of the user's device, location, or network. This dramatically improves productivity, lowering capital and operational costs while providing a superior uninterrupted user experience. Janam XM66 Rugged PDA Janam s XM66 is a rugged mobile computer that delivers advanced barcode scanning and robust wireless LAN communications. The PDA features a powerful processor and mobile DDR memory for rapid memory access, fast data acquisition, and reduced power consumption. Janam s XM Series devices are sculpted to fit in the hand, weigh less than 10 ounces (283 grams), and have a full 3.5" (89mm) display. Built to withstand multiple 4 (1.2m) drops on concrete, and sealed to IP54 standards, these mobile computers are designed to operate in the presence of environmental extremes. Janam XG100 Rugged Gun Janam s XG100 rugged gun-shaped mobile computer was designed for scan-intensive, extended shift use in demanding environments. The XG100 features field-upgradeable 2D barcode scanning, secure Wi-Fi and mobile DDR memory. Industrial-grade construction (sealed to IP64 standards and designed to withstand multiple 6 (1.8m) drops to concrete) enables operation in hostile operating conditions. The battery is located in the handle, enhancing user comfort and productivity, and integrated EAS tags help protect the asset against theft. LED tail lights provide feedback during overhead scanning, and vibrator alerts offer positive feedback in loud environments. Deploying Janam XM66 and XG100 with Aruba Networks Secure Mobility Solution 4
Product Summary Manufacturer Janam Products Certified Hardware Model Numbers XM66W-1NGFBR00 WLAN 802.11 a/b/g XG100W-1DGDBV00 WLAN 802.11 b/g Software Version Numbers XM66 ROM: 1.07.00.1067 XG100 ROM: XG100_WM_ OSB55508 RF Features Tested Radio Supported QoS Features Supported / Tested Summit Data Communications SDCCF10G1 WMM capable ArubaEdge Solution Qualification Qualification Objective Validate the interoperability of the Janam XM66/XG100 on Aruba s wireless LAN infrastructure. Network Topology The figure below shows the reference topology used for RF interoperability testing. Deploying Janam XM66 and XG100 with Aruba Networks Secure Mobility Solution 5
Aruba Wireless LAN Settings The following Mobility Controller settings were used for the interoperability testis: RF settings o o Beacon interval: 100ms DTIM period: 3 beacon intervals Encryption/Authentication o o The scanners support and were tested for open authentication, WPA2 Personal, and WPA2 Enterprise OKC was enabled in the 802.1X Authentication Profile for WPA2 Enterprise key caching Adaptive Radio Management o ARM, band steering, and WMM/U-APSD were all enabled Janam XM66/XG100 Configuration and Settings The XM66 and XG100 were configured to connect to the Mobility Controller is accordance with the procedure shown in Appendix A. Test Methodology Connectivity was validated for various encryption types. Inter- and intra-vlan roaming times were measured to ensure that real-time applications can be supported. Summary Test Results Test ID Test Description Test Result 5.1 Basic Connectivity tests - Sanity Check PASS 5.2.1 Open SSID Association Time PASS 5.2.2 WPA / WPA-2 PSK Association Time PASS 5.2.3 WPA / WPA-2 Enterprise Association Time PASS 5.3.1 Roaming test with WAP2-PSK PASS 5.3.2 Roaming tests with WPA2-Enterprise PMK PASS 5.3.3 Roaming tests with WPA2-Enterprise OKC PASS 5.4.1 Power save mode tests Not tested Deploying Janam XM66 and XG100 with Aruba Networks Secure Mobility Solution 6
Known Limitations EAP Type errors: When configuring profiles on the SCU that do not use EAP types, an EAP type can be selected from the EAP Type drop-down menu. Attempting to commit a profile with an incorrect mix of Encryption and EAP types results in an error. Disabling the radio: If Disable is the shown on the Main tab of the SCU, changing to the Status tab and tapping the spacebar can disable the radio. Manual WEP configuration option: Scanning for an SSID set to CKIP Auto results in the configuration option of Manual WEP. User credentials request when returning to coverage area: Going out-of-range of an access point and then returning to the coverage area will cause some devices using WPA or WPA2 with a username and password configuration to display a pop-up box requesting the user s credentials. Ad hoc mode/channel mode support issue: Ad hoc mode does not support the BG Channel Mode setting in the Global tab. SCU Ad hoc connection shown before completed: When the radio mode is Ad Hoc, the SCU displays a connection five to ten seconds before the connection is actually established. This is consistent with the behavior of Windows Zero Config (WZC) when it is used instead of SCU. Incorrect AP name displays: When associated using an Ad Hoc profile with SD radios (such as MSD10G and MSD10AG), the SCU may display an incorrect AP name on the Status tab, i.e., it may use a Cisco AP name from a legacy, infrastructure mode profile connection. Auto profile and setmonitormode: When using the SDK function MonitorMode do not use auto-profile features. Instead Auto Profile should be disabled in the global settings. pspdelay support: The pspdelay setting is not supported on the SDC-MSD10G and SDCMSD10AG modules. Conclusion The tests validated that Janam s XM66 PDA and XG100 gun met the security, QoS, and connectivity requirements necessary for interoperable operation on Aruba s secure mobility infrastructure. 2011 Aruba Networks, Inc. Aruba Networks trademarks include, Aruba Networks, Aruba Wireless Networks, the registered Aruba the Mobile Edge Company logo, Aruba Mobility Management System, Mobile Edge Architecture, People Move. Networks Must Follow, RFProtect, and Green Island. All rights reserved. All other trademarks are the property of their respective owners. Specifications are subject to change without notice. Deploying Janam XM66 and XG100 with Aruba Networks Secure Mobility Solution 7
APPENDIX A Configuration Janam XM66 Configuration and Settings Configure radio and security settings, monitor performance and activity, and troubleshoot issues using the Summit Client Utility (SCU). To run the SCU: From the Start menu, select Programs. Select the directory called Summit Locate the SCU icon and double-click. To configure the radio for your wireless network: Use the Admin Login button on the Main window to authenticate as an administrator (default password: SUMMIT). Create a profile on the Profile window, specifying all important parameters such as SSID, authentication method, and encryption type. Save the profile using the Commit button. To connect to your wireless network, go to the Main window and select the profile that you created. Default settings have been carefully selected and should not be changed. For detailed set-up and configuration please review the Summit Quick Start Guide (http://www.summitdatacom.com/documents/summit_quick_start_v3_03.html). Deploying Janam XM66 and XG100 with Aruba Networks Secure Mobility Solution 8
Janam XG100 Configuration and Settings Configure radio and security settings, monitor performance and activity, and troubleshoot issues using the Summit Client Utility (SCU). To run the SCU: From the Start menu, select Programs. Select the directory called Summit Locate the SCU icon and double-click. To configure the radio for your wireless network: Use the Admin Login button on the Main window to authenticate as an administrator (default password: SUMMIT). Create a profile on the Profile window, specifying all important parameters such as SSID, authentication method, and encryption type. Save the profile using the Commit button. To connect to your wireless network, go to the Main window and select the profile that you created. Default settings have been carefully selected and should not be changed. For detailed set-up and configuration please review the Summit Quick Start Guide (http://www.summitdatacom.com/documents/summit_quick_start_v3_03.html). Deploying Janam XM66 and XG100 with Aruba Networks Secure Mobility Solution 9
Aruba Mobility Controller Configuration and Settings ip access-list session allowall any any any permit user-role ArubaCertOpen access-list session allowall user-role ArubaCertPSK access-list session allowall user-role ArubaCertAuth access-list session allowall aaa authentication dot1x "apse-dot1x-dot1x_prof" termination enable termination eap-type eap-peap termination inner-eap-type eap-mschapv2 aaa authentication dot1x "apse-open-dot1x_prof" aaa authentication dot1x "apse-psk-dot1x_prof" aaa server-group "apse-dot1x" aaa profile "apse-dot1x-aaa_prof" authentication-dot1x "apse-dot1x-dot1x_prof" dot1x-default-role "ArubaCertAuth" dot1x-server-group "apse-dot1x" aaa profile "apse-open-aaa_prof" initial-role "ArubaCertOpen" aaa profile "apse-psk-aaa_prof" initial-role "ArubaCertPSK" authentication-dot1x "apse-psk-dot1x_prof" rf arm-profile "ARM_profile" min-tx-power 18 rogue-ap-aware voip-aware-scan backoff-time 120 wlan ht-ssid-profile "apse-dot1x-htssid_prof" wlan ht-ssid-profile "apse-open-htssid_prof" Deploying Janam XM66 and XG100 with Aruba Networks Secure Mobility Solution 10
wlan ht-ssid-profile "apse-psk-htssid_prof" wlan ht-ssid-profile "Company-Name-htssid_prof" wlan ht-ssid-profile "default" wlan ht-ssid-profile "pauls-company-htssid_prof" wlan edca-parameters-profile station "default" wlan edca-parameters-profile ap "default" wlan ssid-profile "apse-dot1x-ssid_prof" essid "apse-dot1x" opmode wpa2-aes wpa2-tkip ht-ssid-profile "apse-dot1x-htssid_prof" wlan ssid-profile "apse-open-ssid_prof" essid "apse-open" ht-ssid-profile "apse-open-htssid_prof" wlan ssid-profile "apse-psk-ssid_prof" essid "apse-psk" opmode wpa2-psk-aes wpa2-psk-tkip wpa-passphrase "arubacert1" ht-ssid-profile "apse-psk-htssid_prof" wlan virtual-ap "apse-dot1x-vap_prof" aaa-profile "apse-dot1x-aaa_prof" ssid-profile "apse-dot1x-ssid_prof" vlan 1 wlan virtual-ap "apse-open-vap_prof" aaa-profile "apse-open-aaa_prof" ssid-profile "apse-open-ssid_prof" vlan 1 wlan virtual-ap "apse-psk-vap_prof" aaa-profile "apse-psk-aaa_prof" ssid-profile "apse-psk-ssid_prof" vlan 1 ap-group "apse-cert" virtual-ap "apse-open-vap_prof" virtual-ap "apse-psk-vap_prof" virtual-ap "apse-dot1x-vap_prof" Deploying Janam XM66 and XG100 with Aruba Networks Secure Mobility Solution 11
ap-system-profile "apsys_prof-npl07" Deploying Janam XM66 and XG100 with Aruba Networks Secure Mobility Solution 12
About Aruba Aruba is a global leader in distributed enterprise networks. Its award-winning portfolio of campus, branch/teleworker, and mobile solutions simplify operations and secure access to all corporate applications and services regardless of the user s device, location, or network. This dramatically improves productivity and lowers capital and operational costs. Listed on the NASDAQ and Russell 2000 Index, Aruba is based in Sunnyvale, California, and has operations throughout the Americas, Europe, Middle East, and Asia Pacific regions. To learn more, visit Aruba at http://www.arubanetworks.com. For real-time news updates follow Aruba on Twitter and Facebook. About Janam Janam Technologies LLC is a provider of rugged, handheld computing devices for mobile workers. Janam combines deep industry knowledge with advanced technologies to deliver products and accessories that increase productivity, reduce costs, and improve customer satisfaction. Specializing in purpose-built mobile computers that scan barcodes and communicate wirelessly, Janam develops products for mission-critical applications in retail, healthcare, hospitality, manufacturing, and logistics. Product Support Information Aruba Support: http://www.arubanetworks.com/support.php Janam Support: http://www.janam.com/service-support.php Deploying Janam XM66 and XG100 with Aruba Networks Secure Mobility Solution 13