Appendix A: AP-Server Mutual Authentication

The AP-server communication begins with a mutual authentication step in which the AP and server authenticate each other using a shared secret. The AP-server communication takes place only if this authentication succeeds.

After the authentication succeeds, a session key is generated. All communication between the AP and server from this point on is encrypted using the session key.

The AP and server are shipped with the same default value of the shared secret. Both the server and the AP have CLI commands to change the shared secret.

Note: After the shared secret (communication key) is changed on the server, all APs connected to the server will automatically be set up to use the new communication key. APs that are not connected to the server at this time must be manually set up with the same communication key to enable communication with this server.
Note: Although the server is backward compatible (that is, older version APs can connect to a newer version server), this is not recommended.
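
The guide does not describe the handshake itself. As an added illustration (not Arista's protocol or code), the sketch below uses an assumed HMAC challenge-response to show how one shared secret can authenticate both sides and yield a per-session key, and why an AP that still holds the old communication key is rejected after a change. The function names and key values are constructed for the example.

```python
import hashlib
import hmac
import os


def mac(secret: bytes, label: bytes, nonce_ap: bytes, nonce_srv: bytes) -> bytes:
    # The label separates the server proof, the AP proof and the session key,
    # so one value can never be replayed as another.
    return hmac.new(secret, label + nonce_ap + nonce_srv, hashlib.sha256).digest()


def handshake(ap_secret: bytes, server_secret: bytes):
    """Simulate one exchange. Returns (ap_key, server_key), or None if
    either side rejects the other (the 'Authentication failed' case)."""
    nonce_ap = os.urandom(16)    # message 1, AP -> server: fresh challenge
    nonce_srv = os.urandom(16)   # message 2, server -> AP: challenge + proof
    srv_proof = mac(server_secret, b"srv", nonce_ap, nonce_srv)

    # AP side: recompute with its own copy of the secret, constant-time compare.
    expected = mac(ap_secret, b"srv", nonce_ap, nonce_srv)
    if not hmac.compare_digest(srv_proof, expected):
        return None

    # Message 3, AP -> server: the AP proves it knows the secret as well.
    ap_proof = mac(ap_secret, b"ap", nonce_ap, nonce_srv)
    expected = mac(server_secret, b"ap", nonce_ap, nonce_srv)
    if not hmac.compare_digest(ap_proof, expected):
        return None

    # Each side derives the session key locally; it never crosses the wire,
    # and fresh nonces make it different for every session.
    return (mac(ap_secret, b"key", nonce_ap, nonce_srv),
            mac(server_secret, b"key", nonce_ap, nonce_srv))


if __name__ == "__main__":
    new_key = b"constructed-new-communication-key"   # sample value
    old_key = b"constructed-previous-key"            # sample value
    print("AP updated by the server:", handshake(new_key, new_key) is not None)
    print("AP offline during change:", handshake(old_key, new_key) is not None)
```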

Access Point Troubleshooting

The table below lists some of the troubleshooting guidelines for the access point (AP).
 
Problem: The AP did not receive a valid IP address via the DHCP.
Solution: Ensure that the DHCP server is on and available on the VLAN/subnet to which the AP is connected. If the AP still fails to get a valid IP address, you can reboot it to see if the problem is resolved.

Problem: Unable to connect to the server.
Solution:
  • Ensure that the server is running and is reachable from the network to which the AP is connected. If a firewall or a router has Access Control Lists (ACLs) enabled between the AP and the server, ensure that traffic on UDP port 3851 is allowed.
  • Use the IP-based server discovery method and ensure that you have correctly entered the DNS name, wifi-security-server, on the DNS server.
  • Ensure that the DNS server IP addresses are either correctly configured, or are provided by the DHCP server.
  • The AP might fail to authenticate with the server. In this case, an 'Authentication failed' event is raised on the server. Refer to the event for recommended action.

Problem: The AP has encountered a problem.
Solution:
  • If you are using Arista Cloud Services, then open the TCP port 443 (SSL). If you have an on-premises installation, then open UDP port 3851 and port 80.
  • If you are using a Proxy, Web Accelerator, or URL Content Filter between the AP and the Internet, ensure that the settings allow communication between the AP and Arista Cloud Services.
  • If your configuration requires you to specify an exact IP address or IP range for Arista Cloud Services, please contact [email address protected].

Connect Access Point to the Network

The device can be connected to the network through a LAN cable or a PoE+ injector. If you are using a PoE+ injector, make sure the data connection is plugged into a suitable switch port with proper network connectivity.

To connect C-130E to the network, you should meet the following prerequisites:

  • Ensure that a DHCP server is already available on the network to enable network configuration of the C-130E.
  • DNS should be able to resolve the server discovery names (primary: redirector.online.spectraguard.net, secondary: wifi-security-server).
  • The AP must have a valid IP address from the DHCP server or a valid static IP address to communicate with Wireless Manager.
  • Check the LED status on the device to ensure that it is operational and connected to the server.

If the conditions above are true, the device should be connected and ready to go operational.

Note: If zero configuration fails, the AP must be configured manually.
Important: If DHCP is not enabled on a subnet, the AP cannot connect to that subnet with zero-configuration. If the DNS entry is not present on the DNS servers, or if you do not have the DHCP server running on the subnet, you must manually configure the AP. For details on configuring an AP manually, see the Access Point Configuration guide on our website at https://www.arista.com/en/support/product-documentation.

Using C-130E with Power Adapter

To power up the device with the power adapter, perform the following steps:

  1. Plug the power cable into the DC power receptacle at the rear of the device.
  2. Plug the other end of the power cable into a 110V~240V 50/60 Hz AC power source.
    Wait a few minutes for the device to power on. You can then refer to the LED details table to verify that the device is functioning.

Power the Access Point On

The C-130E device can be powered on by plugging one end of the Ethernet cable into the PoE+ (802.3at) switch or injector and the other end into the Ethernet/PoE+ port on the C-130E. Ensure the PoE+ source you are using is turned ON.

Note: You can also use regular PoE (802.3af). However, there are certain drawbacks to it:
  • The USB is disabled.
  • The other Ethernet port is disabled.
  • The 2.4 GHz radio is downgraded to 1x1 TX/RX capability and Tx power of 15 dBm or lower (or as set in the device template).
  • The 5 GHz radio is downgraded to 2x2 18 dBm or lower (or as set in the device template).

As an alternative to PoE+, you can insert a power adaptor plug into an AC power outlet and the other end into the power input port on the C-130E.

Mounting Instructions using the Silhouette or Interlude Bracket Mount

The Silhouette/Interlude mounting bracket is not a part of the standard package and must be procured separately. The mounting instructions for the Silhouette/Interlude Bracket Mount are very similar to the Standard Package Content's mounting instructions. Refer to the instructions mentioned in Mounting Instructions using the Standard Package Contents.

Mounting Instructions using the Wall Mount Bracket

The Wall mounting bracket is not a part of the standard package and must be procured separately. Attach the wall-mounting bracket with the help of screws on to the wall. Pull the side latch to unlock the wall mount bracket. Affix the device on the wall mount bracket by placing the device stubs in the bracket's placeholder. Lock the side latch and affix the device firmly with the screw.

Mounting Instructions using the Standard Package Contents

The mounting procedure can be divided into two parts:

  1. Affixing the bracket to the T-grid: Use the mounting bracket to install the C-130E on the ceiling. Fix the bracket to the T-grid and rotate the bracket so that it snaps on the T-grid.

    The bracket is now parallel to an arm of the T-grid. Ensure that the bracket is properly snapped to the T-grid. Refer to the images given below.

  2. Mounting C-130E on the bracket: Place the first mounting post on the rear side of the device onto the lower notch of the bracket. Rotate the device such that the center mounting post fits into the center notch on the bracket. Ensure that all the mounting posts on the rear side of the device are snapped into the respective notches on the bracket.

    The mounting posts on the rear side of the device now fit properly in the respective notches of the bracket, and the device is mounted properly.

Mount the C-130E

Important: To prevent disconnection or tampering by unauthorized personnel, it is extremely important to install the device such that it is difficult to unplug the device from the network or from the power outlet.
Note: You should label the devices using MAC addresses or at least your own convention. For example, use serial numbers, so that you can easily identify the devices.

Install the C-130E

This chapter contains the stepwise procedure to install the C-130E device.

Zero-Configuration of C-130E as Access Point

Zero-configuration is supported under the following conditions:

  • The device is in AP mode with background scanning on and no SSID configured.

  • A DNS entry wifi-security-server is set up on all the DNS servers. This entry should point to the IP address of the server. By default, the AP looks for the DNS entry wifi-security-server.

  • The AP is on a subnet that is DHCP enabled.

Important: If the device is placed on a network segment that is separated from the server by a firewall, you must first open port 3851 for User Datagram Protocol (UDP) and Transmission Control Protocol (TCP) bidirectional traffic on that firewall. This port number is assigned to Arista Networks. If multiple devices are set up to connect to multiple servers, zero-configuration is not possible. In this case, you must manually configure the APs. See the Access Point Configuration Guide on our website at https://www.arista.com/en/support/product-documentation.
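
A pre-installation check for the DNS and port conditions above, as an added example that is not part of Arista's documentation: run it from a host on the AP's subnet that uses the same DNS servers. The expected server address (192.0.2.10, a documentation address) and the function names are assumptions.

```python
import socket

DISCOVERY_NAME = "wifi-security-server"   # default DNS entry the AP looks up
SERVER_PORT = 3851                        # UDP and TCP, per this guide


def resolve(name):
    """IPv4 addresses the local resolver returns for name ([] if none)."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def tcp_reachable(host, port, timeout=3.0):
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_zero_config(expected_server_ip, resolver=resolve, probe=tcp_reachable):
    """Return {check: (passed, detail)} for the zero-configuration conditions."""
    report = {}
    addrs = resolver(DISCOVERY_NAME)
    report["dns_entry"] = (bool(addrs), ", ".join(addrs) or "name does not resolve")
    # Any other address means APs would be steered to a host you did not intend.
    stray = [a for a in addrs if a != expected_server_ip]
    if not addrs:
        report["dns_target"] = (False, "nothing to compare")
    else:
        report["dns_target"] = (not stray,
                                "unexpected: " + ", ".join(stray) if stray else "matches server")
    ok = probe(expected_server_ip, SERVER_PORT)
    report["tcp_3851"] = (ok, "connected" if ok else "refused, filtered or timed out")
    # UDP is connectionless: an unanswered datagram proves nothing either way.
    report["udp_3851"] = (None, "confirm the firewall/ACL rule on the device itself")
    return report


if __name__ == "__main__":
    # 192.0.2.10 stands in for the address of your own server.
    for check, (passed, detail) in check_zero_config("192.0.2.10").items():
        print(f"{check:12} {passed!s:6} {detail}")
```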

Take a configured AP; that is, ensure that a static IP is assigned to the AP or the settings have been changed for DHCP. Note down the MAC address and the IP address of the AP in a safe place before it is installed in a hard-to-reach location. The MAC address of the AP is printed on a label at the bottom of the product.

The steps to install the device are as follows: