Deploying Microsoft Lync Server 2010: Best Practices to achieve optimal voice and video quality with Microsoft Lync Server 2010 on Aruba Wireless LAN

Deploying Microsoft Lync Server 2010: Best Practices to achieve optimal voice and video quality with Microsoft Lync Server 2010 on Aruba Wireless LAN infrastructure

Table of Contents Introduction 3 Unified communications and the mobile workforce 3 Solution components Aruba wireless LAN 3 Microsoft Lync Server 2010 (standard & enterprise) 4 Wireless LAN best practices for Microsoft Unified Communications Pervasive wireless coverage 5 Managing RF interference 6 Applying correct priority to mixed voice, video and data clients 6 Performance assurance for encrypted Microsoft Lync traffic 6 Microsoft Lync Server 2010 qualification 6 Overview of the topology 7 Hardwre, tools and versions 7 Recommended Aruba configurations 8 Test results 10 Lync data-only over Wi-FI 10 Lync fixed real time (RT)-multimedia over Wi-Fi 10 Lync mobility RT-multimedia over Wi-Fi 10 Conclusion 17 References 17 5 Aruba Networks, Inc. 2

Introduction Wi-Fi-enabled mobile devices like laptops, smartphones and tablets are on track to outnumber desktops, and enterprise networks are moving rapidly from wired to wireless as the preferred way to connect. The enterprise workforce expects unified voice, video, instant messaging (IM) and other applications that run on platforms like Microsoft Lync to work on these personal mobile devices. However, the voice and video experience on enterprise wireless LANs (WLANs) has been historically unreliable. Aruba WLANs, based on the Mobile Virtual Enterprise (MOVETM) architecture, deliver secure, application-aware network access, regardless of location, device, wired or wireless. This ensures a reliable, high quality unified communications experience. Qualified by Microsoft, the Aruba MOVE architecture identifies and prioritizes encrypted Microsoft Lync traffic over the lower priority data traffic. The result with Aruba is an astonishing improvement in communication quality compared to the competition even when there is congestion and RF interference. Unified communications and the mobile workforce Microsoft Lync ushers in a new connected user experience in which every communication is transformed into a more collaborative, engaging interaction. With its software-based approach, Microsoft Lync provides a highly secure system that functions reliably irrespective of the user s location, on top of existing networking. Lync is easy to manage, less expensive to deploy and operate, and uses a single interface to unite voice communications, IM, and audio, video, and Web conferencing into a rich, context-sensitive offering. To work effectively, Microsoft Lync needs to ride on top of a reliable, high performance, and secure networking infrastructure. One that is capable of deciphering the types of communications in motion and then conditioning the network to securely deliver them using Quality of Service mechanisms to ensure an optimal user experience. Aruba s 802.11n Wi-Fi solutions accomplish this task by offering connection speeds greater than 100BaseT Ethernet, enterprise-grade security, and multi-media Quality of Service (QoS). The combination of Microsoft Lync Server 2010 with Aruba s wireless LAN (WLAN) offers significant benefits, both for employees and the corporate IT. Correctly implemented, it delivers communications wherever users need network access inside and outside the enterprise. Solution components Aruba Wireless LAN Secure and reliable mobility is the responsibility of the enterprise network, which must support a wide range of converged clients over wireless, wired, and remote access networks. Laptops and smartphones are capable of simultaneously running voice, data, and now video applications, an operating model that breaks traditional dedicated VLAN and SSID architectures. Delivering the quality of service (QoS), bandwidth, and management tools necessary to accommodate these devices on a grand scale within a campus environment, to users on the road, and in branch offices requires a specially tailored system design. Microsoft Lync Server 2010 uses an encrypted signaling protocol that is highly secure but renders useless the traditional snooping mechanisms of identifying SIP signaling or the consequent real-time traffic. Thus real-time traffic is treated and processed in the same way as competing best-effort traffic, i.e., with lowest priority. The problem is exacerbated when multiple real-time and non-real-time applications run on the same client devices, like laptops and smart phones, because of the challenges of isolating and prioritizing just the real-time traffic. Aruba s unique application and device fingerprinting technology can identify Lync streams in session and the devices from which they originate. The network can then be dynamically conditioned to deliver QoS on an application-by-application, device-by-device basis as needed to ensure highly reliable application delivery. Aruba s integrated policy enforcement firewall isolates applications from one another to essentially create multiple dedicated virtual networks, and then allocates the necessary bandwidth for each user and application. Aruba Networks, Inc. 3

In addition to identifying the SIP exchange, application fingerprinting also observes the packets as they flow through the WLAN, detecting patterns that match the behavior of Lync voice and video traffic. Once identified, the packets are tagged as media traffic (Class of Service [CoS] and Type of Service [ToS] tags). These QoS tags are translated across the Aruba system to over-the-air WMM-Voice and WMM-Video priority and QoS aware Adaptive Radio Management behavior to ensure that the packets receive appropriate QoS over the Aruba MOVE WLAN solution. To ensure reliable application delivery in changing RF environments, Aruba s Adaptive Radio Management (ARM) technology forces client devices to shift away from the noisy 2.4 GHz band to the quieter 5 GHz band, adjusts radio power levels to blanket coverage areas, load balances by shifting clients between access points, and even allocates airtime based on the capabilities of each client device. The result is a superb user experience without any user involvement. These services are complemented by security systems that ensure the integrity of the network. Rogue detection, wireless intrusion and prevention, access control, remote site VPN, content security scanning, end-to-end data encryption, and other services protect the network and users at all times. Aruba s extensive portfolio of campus, branch/teleworker, and mobile solutions simplify operations and secure access to unified communications applications and services regardless of the user s device, location, or network. This dramatically improves productivity, lowering capital and operational costs while providing a superior uninterrupted user experience. Microsoft Lync Server 2010 (standard & enterprise) Microsoft Lync 2010 enhances enterprise communications with a suite of user productivity features: Audio, Video and Web conferencing Enterprise-grade Voice over IP One-click communications Persistent chat Integration with leading PBX solutions and SIP Trunking The Lync architecture is centered on the concept of sites, each of which contains Lync Server 2010 components. A typical site consists of computers running Lync software and connected together by one or more high performance, low-latency local area networks. A central site includes at least one Front End pool or Standard Edition server. A branch site is associated with a single central site whose servers deliver the Lync functionality used at the branch sites. Each branch site contains either a Survivable Branch Appliance or local server for supporting unified communications capabilities for end-users such as PSTN calling and intra-branch IM, video and desktop sharing when the WAN connection to the central site is unavailable. Every deployment must include at least one central site. If branch sites are deployed then each is affiliated with one central site, which delivers to the branch those Lync services that are not otherwise available at the branch site, i.e., presence and conferencing. Aruba Networks, Inc. 4

800 800 Deploying Microsoft Lync Server 2010 Central Site Domain Controller Branch Site 1 DNS Load Balancing } Edge Server Pool } DNS Load Balancing Parent Domain Child Domain contoso.com CA/DNS Survivable Branch Appliance WAN File Share retail.contoso.com Exchange UM Server Branch Site 2 HTTP Reverse Proxy DNS Load Balancing Director Pool A/V Conferenceing Pool DNS Load Balancing Back End Servers PSTN Gateway Monitoring Server Front End Pool PSTN PSTN Gateway Figure 1. Reference Topology with high availability and a single data center. (Source: Microsoft http://technet.microsoft.com/en-us/library/gg425939.aspx) Every server running Microsoft Lync Server 2010 runs one or more server roles including: Front End Server and Back End Server running basic functions and the system database; A/V Conferencing Server delivering conference mixing functionality; Edge Server to enable users to communicate and collaborate with user s outside the firewall; Mediation Server for implementing PSTN connectivity; Monitoring Server for collecting statistics and performance data; Archiving Server to archive instant messages and meeting content; and Director to authenticate user requests and provide presence and conferencing services. Pools of servers running the same role can be deployed for high availability, with a load balancer used to spread traffic as necessary. Figure 1 above shows a typical reference topology with limited high availability. Please refer to Microsoft s Lync documentation (http://technet.microsoft.com/en-us/lync ) for a library of other deployment scenarios. Wireless LAN best practices for Microsoft Unified Communications Mobility presents a number of unique challenges for Unified Communications that are not experienced with wired networks. These challenges must be overcome to ensure an uninterrupted mobile unified communications user experience. These challenges, together with Aruba best practices to alleviate these challenges, are summarized below. Pervasive wireless coverage Real-time services like voice and video are intolerant of poor RF conditions. They demand high signal levels with good signal-to-noise ratios. To support multimedia services, it is important to ensure that WLAN coverage extends pervasively to all parts of the building, with uniformly good signal levels. RF channels must be selected to avoid the interference sources that are present in every modern enterprise. Aruba Networks, Inc. 5

Aruba s ARM technology continually optimizes RF coverage based on measurements of signal strength and interference reported by WLAN access points, ensuring that client devices always enjoy the high signal levels required for good voice and video performance. ARM maximizes coverage and network capacity, while avoiding interference. It is the sum of these features that optimizes voice and video quality. Managing RF interference Wireless interference is time varying and can arise unexpectedly. In most cases an Aruba wireless LAN will automatically adapt and mitigate the effects of interference, but sometimes that s not possible. In these cases the network needs to open a window of visibility into the RF environment, without the expense of a truck roll, to help network engineers understand what s happening. Aruba s 802.1n access points incorporate spectrum analyzers that provide on-demand monitoring, logging, and characterization of the RF environment. This feature can be enabled remotely so that distantly located network engineer can assess how best to mitigate issues like continuous high level fixed frequency transmitters that can t otherwise be addressed automatically by ARM. Wi-Fi is a broadcast medium in which over-the-air packets collisions are a fact of life. These collisions can result in dropped packets or consume bandwidth by forcing packet retransmission, both of which have detrimental effects on real-time like voice and video traffic. ARM mitigates these issues by using band steering to redirect 5 GHz-capable clients away from the congested 2.4 GHz band and up to the quieter, higher capacity 5 GHz band. This feature is particularly well suited for PC users running Lync since most modern laptops support 5 GHz operation. Applying correct priority to mixed voice, video, and data clients The traditional approach to enterprise VoIP has been to use a separate voice VLAN to segregate and prioritize voice traffic. This model breaks down when a Lync enabled PC or mobile device transmits both voice and data traffic. The device can belong to only a single VLAN which should it be, voice or data? Aruba s application-aware architecture can identify and police individual sessions from a device, dynamically prioritizing them by traffic type without need to relegate them to different VLANs. With this network intelligence, a single WLAN SSID, matched with a single VLAN, can offer full voice control and prioritization in presence of lower priority data traffic. The end result is a better user experience and less IT overhead managing VLANs. Performance assurance for encrypted Microsoft Lync traffic The signaling channel for Microsoft Lync is encrypted, and as a call setup and teardown cannot be easily monitored. And yet, without visibility to this information, it is difficult if not impossible to identify and prioritize real-time traffic. Aruba s heuristics-based application fingerprinting continuously inspects UDP sessions set up over the WLAN to identify those that are RTP and carry voice or other multimedia traffic. When such streams are identified, they are automatically tagged with the correct voice priority. Microsoft Lync Server 2010 qualification This section describes the test configuration and test cases used to test interoperability between Aruba Networks WLAN solution and Microsoft Lync Server 2010. Aruba Networks, Inc. 6

Lync end point 1 Lync traffic simulator Lync end point 2 AP1 File transfer server 20 feet Wireless packet sniffer AP2 LAN LAN Lync end point 3 20 feet Controller Lync server Lync end point 4 Network packet sniffer AP3 Load generator Lync end point 7 Lync end point 5 Lync end point 8 Lync end point 6 Figure 2. Wi-Fi Reference Topology (Source: Microsoft Lync Server 2010 Open Interoperability Wi-Fi Test Plan) Overview of the topology The Controller and the Access Points communicate with the Lync Server over a Layer 3 network. The Lync server was the Lync W14 RTM CU4 version with Front End Server that routes calls between Lync End Points. Each Access Point was at least 20 feet from the other Access Point Lync End Points 1 and 2 were within 15 feet from Access Point 1 and were associated with Access Point 1. Lync End Points 3 and 4 were within 15 feet from Access Point 2 and were associated with Access Point 2. Lync End Points 5 and 6 were within 15 feet from Access Point 3 and were associated with Access Point 3. The load generator used was the Chariot load generator from Ixia and was used to pump background TCP or UDP traffic in the upstream or downstream direction to simulate channel congestion. Hardware, tools and versions Components Hardware and Software Versions Aruba 3600 Controller, AOS 6.1.2 Access Point Used: AP-105, AP-135 Airwave Wireless Management Suite Client Used Wireless: Client machines with Lync 2010 latest CU and Intel Wi-Fi adapter described below Wired: Client machines with Lync 2010 latest CU on the wired LAN Lync Server Microsoft Lync W14 latest CU Topology that routes calls between Lync End Points Aruba Networks, Inc. 7

Recommended Aruba configurations QoS in an Aruba network is a system-level feature. Over-the-air Wi-Fi QoS is enforced using WMM, while tagging and queuing of the traffic based on traffic type is enforced by the integrated firewall engine. RF-related features like band steering, voice aware scanning, and spectrum load balancing help enforce the QoS settings for the voice and video traffic by ensuring the timely and reliable delivery of the over-the-air traffic. The following subsections highlight the system configurations required to ensure QoS for Lync. Please see Appendix A for the actual configuration used in Lync validation testing. Aruba OS The environment should be running AOS 6.1.3.2 or higher. Licensing requirements Ensure that the following licenses are installed and enabled on the Aruba Mobility Controller AP licenses corresponding to the number of Aruba APs in the network Firewall licenses for all the APs in the network. This is necessary for the QoS and the Media Classify feature to work. RF design recommendation 100% coverage in all areas of Lync use Minimum RF signal (RSSI) levels of -67 dbm Minimum Signal-to-noise ration (SNR) of 25 db Co-channel separation of 20 db Virtual AP design recommendation Create SSIDs based on the Encryption used. Ex: Employee SSID for all devices that use 802.1x and have employee access. This could include laptops and mobile devices. Mobile SSID with WPA2-PSK for all device that support WPA2-PSK, Guest for all guest users with open or PSK etc. Enable dynamic multicast optimization on the SSID Enable Band Steering for clients that associate to the SSID. -- Enable Force 5GHz only if a predominant number of devices that connect to this SSID are 5 GHz capable. On the SSID profile, Set DTIM to 3 Enable WMM and set the WMM-vo-dscp to 46 Set local probe request threshold to 25 (local-probe-req-thresh 25) Enable mcast-rate-opt Aruba Networks, Inc. 8

Access policies and user roles Lync media traffic is encrypted (SIP-TLS) and the Media classify option in the ACLs should be used to prioritize the media traffic. Session ACL configuration for Lync Configure the Lync ACL and ensure that classify multimedia setting is enabled ip access-list session employee_lync any network <subnet of Lync clients> <subnet mask> tcp 5223 permit classifymedia alias Lync-servers any tcp 1024 65535 permit classify-media any any tcp 5061 permit classify-media any any udp 5061 permit classify-media any any any permit ipv6 any any any permit Lync-servers is an alias for all the Lync servers netdestination Lync-servers host <<ip address of Lync server 1>> host << ip address of Lync server 2>> Assign the policy to the appropriate user roles (to all user roles for Lync capable devices) User-role Employee session-acl employee_lync position 1 session acl <<corp access>> // all ACLs to access the corporate network for the Employees. Adaptive radio management settings Enable Adaptive Radio Management on the AP Enable Voice aware ARM Enable ps-aware-scan Depending on the environment and deployment, the user can choose to limit the min and max tx powers and the basic tx rates. Refer to the Aruba AOS user guide and the Aruba Campus Wireless Networks VRD Air time fairness Airtime fairness () feature enable fair distributions of resources across the clients. Refer to the Optimizing Aruba WLANs for Roaming Devices Solution Guide for more information on how to enable this feature to get optimal results. Aruba Networks, Inc. 9

Test results Microsoft designed three scenarios in their Wi-Fi test plan to mirror real-world conditions of end-users with Microsoft Lync: Data Only, Fixed and Mobility. A series of tests was performed against each of these scenarios to test the infrastructure s ability to handle the QoS, connectivity and scalability requirements of the three test scenarios. A brief description of the three environments tested under the qualification program is as follows: Lync data-only over Wi-Fi The Lync Data-Only over Wi-Fi (Data-Only) category supports environments in which data applications predominate and the density of Wi-Fi clients is modest. While Lync can support a number of modalities; IM, presence, web conferencing & calendaring are predominantly data based modalities that are bursty in nature. Most devices, applications and networks can correctly handle data over Wi-Fi when user and client density is low to moderate. Lync fixed real time (RT)-multimedia over Wi-Fi The Lync Fixed RT-Multimedia over Wi-Fi (Fixed) category is a superset of Lync Data-Only over Wi-Fi with the added capabilities of voice mail, video conferencing, telephony and audio conferencing over Wi-Fi. The key added functionality in this category is that real-time media is supported over Wi-Fi in a fixed setting. Lync mobility RT-multimedia over Wi-Fi The Lync Mobility RT-Multimedia over Wi-Fi (Mobility) category is the superset under which both the Data-Only and Fixed categories coexist. It encompasses all features of the other categories and also includes originating, consuming and terminating Lync services, including RT-Multimedia, while mobile, e.g., a user who has a Lync portable device who uses various Lync workloads, including RT-Multimedia, while mobile. Lync sessions can be originated when fixed or mobile. Lync Data-Only over Wi-Fi Lync QoE Results (If multiple calls are being measured, the metrics will be documented for each call) Section Test Case# Test Case Description Result Jitter (ms) Delay (ms) Packet Loss (%) NMOS Degradation 4.2 802.11a Certification 4.2.1 Access Point is 802.11a certified Pass 4.2.2 Access Point support 802.11a operation Pass 2 6 0.12 0.09 4.3 802.11G Wi-Fi Certified 4.3.1 Access Point is 802.11g certified Pass 4.3.2 Access point supports 802.11g operation Pass 1 7 0.03 0.04 4.4 802.11N Wi-Fi certified 4.4.1 Access Point is 802.11n certified Pass 4.4.2 Access point supports 802.11n operation (2.4GHz) Pass 2 10 0.25 0.11 4.4.3 Access point supports 802.11n operation (5GHz) Pass 2 8 0.1 0.09 Aruba Networks, Inc. 10

4.5 WPA2 Support 4.5.1 Access point is certified for WPA2 enterprise Pass 4.5.2 Access Point authenticates Lync End Point using WPA2 PSK Pass 0.06 9 0.17 0.06 4.5.3 Access Point authenticates Lync End Point using WPA2 Pass 2 8 0.05 0.08 Enterprise 4.5.4 AP supports PMK for roaming Pass 2 18 0.63 0.44 4.6 Wide Channel Operation 4.6.1 AP connectivity with both 20MHz and 40MHz support on 5GHz Pass 2 8 0.1 0.09 band 4.7 Power Over Gigabit Ethernet 4.7.1 AP can be powered using a Power over Gigabit Ethernet interface Pass 4.8 IPv6 Support 4.8.1 AP supports IPv6 in either hardware or software Pass 4.8.2 AP can handle calls when both IPv4 and IPv6 are enabled Pass 2 10 0.25 0.12 4.9 Band Steering 4.9.1 AP can steer dual band clients to 5GHz when Band Steering is Pass 2.5 8 0.13 0.1 enabled 4.10 Spectrum Analysis 4.10.1 AP can detect and display the source of interference on a channel Pass 1 34 0 0.02 4.10.2 AP can determine the category of interference in English terms Pass 1 34 0 0.02 4.11 Logging 4.11.1 AP generates session logs with session details NA 2 6 0.56 0.13 4.12 RF Coverage 4.12.1 WLAN solution can identify the client s location (AP it is connected Pass 4 9 0.47 0.38 to ) and past roaming history archives the movements of the client 4.12.2 WLAN solution displays RF coverage heat maps in 2.4 GHz Pass 4.12.3 WLAN solution displays RF coverage heat maps in 5 GHz Pass 4.13 Ability to distinguish between voice/video/data sessions 4.13.1 Video session is specified as such in the logs NA 3 6 0.1 0.04 4.13.2 Access Point should be able to distinguish between voice and NA 3 6 0.1 0.04 video data traffic 4.14 Fair distribution of airtime among clients with different speeds 4.14.1 All 11n clients Pass 3 19 1.14 0.30 1 10 0.73 0.22 Aruba Networks, Inc. 11

4.14.2 802.11n capable endpoints have better throughput in a mixed 11n/11g environment when is enabled with fair-access Pass 3 21 16.35 1.69 4.14.3 802.11n capable endpoints have better throughput in a mixed 11n/11a environment when is enabled with fair-access Pass 2 3 15 14 0.48 36.81 0.08 2.16 4.14.4 802.11n clients have better performance in terms of throughput and MOS in a mixed 11n/11a environment when is enabled with preferred access Pass 4 3 18 14 0.09 36.81 0.09 2.16 9 11 0 4.15 Balancing Client across Access Points 4.15.1 AP responds with busy signal when it has reached maximum 2 67 0.06 0.07 allowable users 4.15.2 WLAN load balances across APs 4 6 0.11 0.11 4.16 Traffic Classification on a per flow basis 0.02 4.16.1 Access Point classifies untagged network inbound video traffic from Lync Server and tags it on the wireless interface to the client 4.16.2 Access Point classifies untagged network inbound voice only traffic from Lync Server and tags it on the wireless interface to the client 4.16.3 Access Point classifies untagged wireless inbound video traffic from LyncEndPt and tags it on the wired interface to Lync Server 4.16.4 Access Point classifies untagged wireless inbound voice only traffic from LyncEndPt and tags it on the wired interface to Lync Server 4.17 Mapping Priority Tags 4.17.1 Access Point remaps incorrect 802.1p and DSCP tags from the network inbound voice traffic to WMM and DSCP tags on wireless outbound interface 4.17.2 Access Point remaps incorrect WMM and DSCP tags from wireless inbound video traffic to 802.1p and DSCP tags on network outbound interface 4.17.3 Access Point remaps incorrect WMM and DSCP tags on wireless inbound voice traffic to 802.1p and DSCP tags on network outbound interface Pass 1 6 0.06 0.13 Pass 5 5 0.13 0.02 Pass 1 4 0.02 0.04 Pass 5 5 0.13 0.02 Pass 1 5 0.31 0.09 Pass 4 6 0 0.07 Pass 1 5 0 0.03 Aruba Networks, Inc. 12

4.17.4 Access Point/controller has the ability to retag incorrectly Pass 1 5 0 0.03 tagged voice only traffic from the wired interface with the correct voice tags on the wired (DSCP tags) and wireless (WMM tags) interfaces 4.18 Shaping Data Traffic 4.18.1 Video call quality is not affected with data traffic shaping enabled Pass 2 8 0.19 0.1 4.18.2 Voice call quality is not affected with data traffic shaping enabled Pass 4 35 0.46 0.17 4.19 Prioritizing SIP-TLS 4.19.1 Access Point prioritizes untagged SIP TLS traffic from the network Pass 1 10 0.37 0.15 over any other traffic type under full congestion 4.19.2 Access Point prioritizes untagged SIP TLS traffic from the Pass 1 10 0.37 0.15 WLAN over any other traffic type under full congestion 4.20 Encryption Support 4.20.1 AP supports WPA2-AES encryption Pass 6 19 0.25 0.08 4.20.2 AP supports WPA2-TKIP encryption Pass 1 38 0 0.01 4.20.3 AP supports WPA-AES encryption Pass 1 11 0.13 0.04 4.20.4 AP supports WPA-TKIP encryption Pass 3 10 0.05 0.04 4.21 FIPS Accreditation 4.21.1 140-2 accredited for government applications Pass 4.22 HIPAA Compliance 4.22.1 HIPAA Compliance for healthcare solutions Pass 4.23 PCI Compliance 4.23.1 PCI compliance for applications requiring financial transactions Pass 4.24 ICSA Certified Firewall 4.24.1 Aruba has built-in ICSA certified firewall Pass 4.25 Quarantining Misbehaving Clients 4.25.1 WLAN can detect and quarantine clients that are spoofing IP Pass addresses 4.25.2 WLAN system can detect and quarantine clients that have Pass multiple authentication failures and clients that try to access restricted network 4.25.3 WLAN system detects and quarantines clients generating deauth Pass 1 9 0.08 0.04 attacks 4.25.4 WLAN system can detects and prohibits client from associating Pass 1 9 0.08 0.04 to ad-hoc networks 4.26 Quarantining Misbehaving Clients 4.26.1 Access Point performs rogue Access Point detection while servicing voice call Pass 2 9 0.15 0.06 Aruba Networks, Inc. 13

Lync fixed real time (RT)-multimedia over Wi-Fi Section Test Case# Test Case Description Result 5.2 WMM Certification 5.2.1 AP is certified for WMM Pass 5.3 Spatial Streams 5.3.1 AP must disclose number of supported spatial streams Pass 5.3.2 AP has at least two transmit antennas Pass 5.3.3 AP has at least two receive antennas Pass 5.4 Dual Band Operation Lync QoE Results (If multiple calls are being measured, the metrics will be documented for each call) Jitter (ms) Delay (ms) Packet Loss (%) 5.4.1 AP can handle calls in the 2.4 GHz band Pass 1 7 0.03 0.04 5.4.2 AP can handle calls in the 5 GHz band Pass 2 6 0.12 0.09 5.4.3 AP can handle simultaneous voice calls between users in Pass 2.4GHz and between users in 5GHz 5.5 Dynamic RF Power Management 5.5.1 AP supports RF power management in a voice enabled network Pass 5.6 Dynamic Channel Selection 5.6.1 AP supports dynamic channel selection in a voice enabled Pass network 5.7 Defer Intrusion Detection and Scanning while processing Real-Time Traffic 5.7.1 WLAN does not cause jitter of more than 50ms while doing Pass 2 9 0.15 0.06 Intrusion Detection (Rogue AP detection) 5.7.2 WLAN does not cause more than 1% packet loss while doing Pass 2 9 0.15 0.06 Intrusion Detection (Rogue AP detection) 5.7.3 WLAN does not cause more than 3 consecutive lost packets Pass 2 9 0.15 0.06 while doing Intrusion Detection (Rogue Access Point) 5.7.4 Intrusion detection is performed without increasing the RTP Pass 2 9 0.15 0.06 delay by more than 50ms (Rogue Access Point) 5.7.5 WLAN does not cause degradation of call quality while doing Pass 2 9 0.15 0.06 Intrusion Prevention (Rogue Access Point) 5.8 WMM Tag Mapping 5.8.1 AP maps WMM priority tag for video traffic to 802.1p priority tag Pass 2 6 0.27 0.07 for video traffic on the network side 5.8.2 Access Point maps 802.11e (WMM) priority tag for voice traffic to 802.1p priority tag for voice traffic on the network side Pass 2 6 0.27 0.07 NMOS Degradation EP1- EP3 0 EP2- EP4 1 EP1- EP4 2 EP2- EP3 1 EP1- EP3 10 EP2- EP4 10 EP1- EP4 9 EP2- EP3 8 EP1- EP3 0.18 EP2- EP4 0.08 EP1- EP4 0.1 EP2- EP3 0 EP1- EP3 0.07 EP2- EP4 0.06 EP1- EP4 0.02 EP2- EP3 0.02 Aruba Networks, Inc. 14

5.9 Prioritizing Traffic 5.9.1 AP can prioritize voice over video and video over data traffic with WMM and 802.1p tagging disabled on end-points and Lync server respectively 5.9.2 AP can prioritize voice over video and video over data traffic with WMM and 802.1p tagging enabled on end-points and Lync server respectively 5.9.3 AP can prioritize voice over video and video over data traffic with WMM disabled and 802.1p tagging enabled on end-points and Lync server respectively 5.9.4 AP can prioritize voice over video and video over data traffic with WMM enabled and 802.1p tagging disabled on end-points and Lync server respectively 5.10 Protecting Existing Call Quality 5.10.1 Existing call quality is not affected when a new call is made through a fully loaded Access Point 5.11 Priority Tag Mapping to Tunnel Priority 5.11.1 AP that tunnels all client traffic to controller maps WMM tags to DSCP tunnel priority tags 5.11.2 AP that tunnels all client traffic to controller maps DSCP tags to DSCP tunnel priority tags 5.12 Scalability of Wide Band Codec Voice Calls without Background Traffic 5.12.1 AP must be able to handle at least five Lync video calls (10 clients) with no background traffic 5.13 Scalability of Video VGA Calls without Background Traffic 5.13.1 AP must be able to handle at least one video call with no background traffic 5.14 Scalability of Wide Band Voice Calls with 100% UDP Downstream Background Traffic 5.14.1 AP must be able to handle at least one wide-band codec voice call with 100% UDP downstream background traffic 5.15 Scalability of Wide Band Codec Voice Calls with 100% UDP Upstream Background Traffic 5.15.1 AP must be able to handle at least one wide-band codec voice call with 100% UDP upstream background traffic 5.16 Scalability of Video VGA calls with 100% UDP Downstream Background Traffic 5.16.1 AP must be able to handle at least one wide-band codec voice call with 100% UDP downstream background traffic 5.17 Scalability of Video VGA calls with 100% UDP Upstream Background Traffic 5.17.1 AP must be able to handle at least one wide-band codec voice call with 100% UDP upstream background traffic 5.18 Scalability of Wide Band Voice Calls with 100% TCP Downstream Background Traffic 5.18.1 AP must be able to handle at least one wide-band codec voice call with TCP downstream background traffic Pass 2 6 0.27 0.07 Pass 2 6 0.27 0.07 Pass 2 6 0.27 0.07 Pass 2 6 0.27 0.07 Pass 2 6 0.27 0.07 Pass 1 6 0.16 0.02 Pass 1 6 0.16 0.02 Pass 3.1 9.3 0.12 0.15 Pass 3.8 17 0.84 0.22 Pass 3.8 17 0.84 0.22 Pass 4 10 0.88 0.34 Pass 3.8 17 0.84 0.22 Pass 4 10 0.88 0.34 Pass 8.2 26 0.45 0.38 Aruba Networks, Inc. 15

5.19 Scalability of Wide Band Codec Voice Calls with 100% TCP Upstream Background Traffic 5.19.1 AP must be able to handle at least one wide-band codec voice call with 100% TCP upstream background traffic 5.20 Scalability of Video VGA calls with 100% TCP Downstream Background Traffic 5.20.1 AP must be able to handle at least one wide-band codec voice call with 100% TCP downstream background traffic 5.21 Scalability of Video VGA calls with 100% TCP Upstream Background Traffic 5.21.1 AP must be able to handle at least one wide-band codec voice call with 100% TCP upstream background traffic Pass 8 23 0.24 0.35 Pass 8.2 26 0.45 0.38 Pass 8 23 0.24 0.35 Lync mobility RT-multimedia over Wi-Fi Section Test Case# Test Case Description Result 6 Mobility 6.2 OKC/PMK Caching 6.3 Fast Roaming 6.3.1 AP ensures fast roaming between APs without affecting call quality when encryption used is 802.1x 6.3.2 AP ensures fast roaming between APs without affecting call quality when encryption used is PSK 6.3.3 AP ensures fast roaming without affecting call quality when roaming between controller/aps in different subnets 6.4 Efficient Roaming with AP-assisted Handoff 6.4.1 AP supports efficient roaming with AP-assisted handoff Lync QoE Results (If multiple calls are being measured, the metrics will be documented for each call) Jitter (ms) Delay (ms) Packet Loss (%) NMOS Degradation Pass 3 11 0.44 0.15 Pass 2 11 0.59 0.22 Pass 3 9 0.09 0.07 6.5 Jitter During Roaming 6.5.1 AP causes no more than 50ms jitter while roaming between APs Pass 2 11 0.59 0.22 6.6 Delay During Roaming 6.6.1 AP causes no more than 50ms delay when roaming between APs 6.6.2 AP causes no more than 100ms delay when roaming between APs under maximum load 6.7 Packet Loss During Roaming 6.7.1 AP causes no more than 1% packet loss while roaming between APs 6.7.2 AP causes no more than 3 consecutive lost packets while roaming between APs 6.8 Broadcast Load Indications using 802.11v QBSS Transition Mgmt. Frames 6.8.1 Access Point broadcasts channel load information in beacon and probe response frames when QBSS is enabled Pass 2 11 0.59 0.22 Pass 2 11 0.15 0.3 Pass 2 11 0.59 0.22 Pass 2 11 0.59 0.22 Pass 5 11 1.34 0.34 Aruba Networks, Inc. 16

6.9 UCI Forum UC Mobility Certified 6.9.1 AP is UCI Forum UC Mobility Certified Pass 6.10 WFA Voice Enterprise (V-E) Certified 6.10.1 AP is WFA Voice Enterprise (V-E) Certified Pass Conclusion As the migration continues towards mobile computing and smartphones, and away from wired desk connections, a wirelessly connected Microsoft Lync Server platform is an ideal platform through which users can stay connected with the enterprise and one another. Aruba s wireless infrastructure is the ideal host platform for Lync: application fingerprinting identifies and prioritizes sessions without network configuration, enabling the Microsoft Lync Server to be deployed anywhere within the enterprise WLAN with service assurance. The combination of Microsoft Lync Server and Aruba s wireless LAN allows mobile employees to communicate more reliably, securely, and effectively over voice, video, IM, or conferencing than was ever before possible. References Aruba Aruba OS 6.1 User Guide Aruba Checklist for Planning a Voice Over Wi-Fi Network: Quality of Service http://airheads.arubanetworks.com/article/checklist-planning-voice-over-wi-fi-network-quality-service Optimizing Aruba WLANs for Roaming Devices Solution Guide - http://www.arubanetworks.com/pdf/technology/ DG_Roaming.pdf Aruba Campus WLAN networks - http://www.arubanetworks.com/wp-content/uploads/ CampusVRDV8_20110913.pdf Microsoft Microsoft Lync Getting Started Guide http://lync.microsoft.com/en-us/pages/default.aspx Microsoft Lync Planning Guide http://lync.microsoft.com/en-us/pages/default.aspx Microsoft White Paper Delivering Lync Real-Time Communications over Wi-Fi http://www.microsoft.com/en-us/download/details.aspx?id=35401 Aruba Networks, Inc. 17

Appendix A: Aruba Controller Configuration version 6.1 enable secret e3ff586c01e27d93807bfd01ee7bc8ce628701a4eb8097e4fc enable bypass hostname Aruba3200 clock timezone PST -8 location Building1.floor1 controller config 318 ip NAT pool dynamic-srcnat 0.0.0.0 0.0.0.0 ip access-list eth validuserethacl permit any netservice svc-snmp-trap udp 162 netservice svc-netbios-dgm udp 138 netservice svc-pcoip2-tcp tcp 4172 netservice svc-dhcp udp 67 68 netservice svc-smb-tcp tcp 445 netservice svc-https tcp 443 netservice svc-ike udp 500 netservice svc-l2tp udp 1701 netservice svc-syslog udp 514 netservice svc-citrix tcp 2598 netservice svc-pptp tcp 1723 netservice svc-ica tcp 1494 netservice svc-telnet tcp 23 netservice svc-sccp tcp 2000 netservice svc-sec-papi udp 8209 netservice svc-tftp udp 69 netservice svc-kerberos udp 88 netservice svc-sip-tcp tcp 5060 netservice svc-netbios-ssn tcp 139 netservice svc-lpd tcp 515 netservice svc-pop3 tcp 110 netservice svc-adp udp 8200 netservice svc-cfgm-tcp tcp 8211 netservice svc-noe udp 32512 netservice svc-http-proxy3 tcp 8888 netservice svc-pcoip-tcp tcp 50002 netservice svc-pcoip-udp udp 50002 netservice svc-dns udp 53 netservice svc-msrpc-tcp tcp 135 139 netservice svc-rtsp tcp 554 netservice svc-http tcp 80 netservice svc-vocera udp 5002 netservice svc-h323-tcp tcp 1720 netservice svc-h323-udp udp 1718 1719 netservice svc-nterm tcp 1026 1028 netservice svc-sip-udp udp 5060 netservice svc-http-proxy2 tcp 8080 netservice svc-papi udp 8211 netservice svc-noe-oxo udp 5000 alg noe netservice svc-ftp tcp 21 netservice svc-natt udp 4500 netservice svc-svp 119 netservice svc-microsoft-ds tcp 445 netservice svc-gre 47 netservice svc-smtp tcp 25 netservice svc-smb-udp udp 445 netservice svc-sips tcp 5061 netservice svc-netbios-ns udp 137 netservice svc-esp 50 netservice svc-ipp-tcp tcp 631 netservice svc-bootp udp 67 69 netservice svc-snmp udp 161 netservice svc-v6-dhcp udp 546 547 netservice svc-pcoip2-udp udp 4172 netservice svc-icmp 1 netservice svc-ntp udp 123 netservice svc-msrpc-udp udp 135 139 netservice svc-ssh tcp 22 netservice svc-ipp-udp udp 631 netservice svc-http-proxy1 tcp 3128 netservice svc-v6-icmp 58 netservice svc-vmware-rdp tcp 3389 netexthdr default ip access-list session allow-diskservices any any svc-netbios-dgm permit any any svc-netbios-ssn permit any any svc-microsoft-ds permit any any svc-netbios-ns permit ip access-list session control user any udp 68 deny any any svc-icmp permit any any svc-dns permit any any svc-papi permit any any svc-sec-papi permit any any svc-cfgm-tcp permit any any svc-adp permit any any svc-tftp permit any any svc-dhcp permit Aruba Networks, Inc. 18

any any svc-natt permit ip access-list session v6-icmp-acl ipv6 any any svc-v6-icmp permit ip access-list session validuser network 169.254.0.0 255.255.0.0 any any deny any any any permit ipv6 any any any permit ip access-list session vocera-acl any any svc-vocera permit queue high ip access-list session v6-https-acl ipv6 any any svc-https permit ip access-list session blacklist-acl host 172.25.20.108 host 172.25.20.105 any deny send-deny-response blacklist log ip access-list session vmware-acl any any svc-vmware-rdp permit tos 46 dot1p-priority 6 any any svc-pcoip-tcp permit tos 46 dot1p-priority 6 any any svc-pcoip-udp permit tos 46 dot1p-priority 6 any any svc-pcoip2-tcp permit tos 46 dot1p-priority 6 any any svc-pcoip2-udp permit tos 46 dot1p-priority 6 ip access-list session icmp-acl any any svc-icmp permit ip access-list session lync any any tcp 5061 permit classify-media queue high ip access-list session captiveportal user alias controller svc-https dstnat 8081 user any svc-http dst-nat 8080 user any svc-https dst-nat 8081 user any svc-http-proxy1 dst-nat 8088 user any svc-http-proxy2 dst-nat 8088 user any svc-http-proxy3 dst-nat 8088 ip access-list session v6-dhcp-acl ipv6 any any svc-v6-dhcp permit ip access-list session allowall any any any permit ipv6 any any any permit ip access-list session v6-dns-acl ipv6 any any svc-dns permit ip access-list session lync-acl any any tcp 5061 permit classify-media any any udp 5061 permit classify-media any any svc-sip-udp permit classify-media queue high any any svc-sip-tcp permit classify-media queue high ip access-list session sip-acl any any svc-sip-udp permit queue high any any svc-sip-tcp permit queue high ip access-list session https-acl any any svc-https permit ip access-list session dns-acl any any svc-dns permit ip access-list session ra-guard ipv6 user any icmpv6 rtr-adv deny ip access-list session citrix-acl any any svc-citrix permit tos 46 dot1ppriority 6 any any svc-ica permit tos 46 dot1p-priority 6 ip access-list session allow-printservices any any svc-lpd permit any any svc-ipp-tcp permit any any svc-ipp-udp permit ip access-list session logon-control user any udp 68 deny any any svc-icmp permit any any svc-dns permit any any svc-dhcp permit any any svc-natt permit ip access-list session vpnlogon user any svc-ike permit user any svc-esp permit any any svc-l2tp permit any any svc-pptp permit any any svc-gre permit ip access-list session srcnat user any any src-nat ip access-list session skinny-acl any any svc-sccp permit queue high Aruba Networks, Inc. 19

ip access-list session tftp-acl any any svc-tftp permit ip access-list session v6-allowall ipv6 any any any permit ip access-list session cplogout user alias controller svc-https dstnat 8081 ip access-list session background ip access-list session captiveportal6 ipv6 user alias controller6 svc-https captive ipv6 user any svc-http captive ipv6 user any svc-https captive ipv6 user any svc-http-proxy1 captive ipv6 user any svc-http-proxy2 captive ipv6 user any svc-http-proxy3 captive ip access-list session dhcp-acl any any svc-dhcp permit ip access-list session http-acl any any svc-http permit ip access-list session v6-http-acl ipv6 any any svc-http permit ip access-list session ap-uplink-acl any any udp 68 permit any any svc-icmp permit any host 224.0.0.251 udp 5353 permit ip access-list session ap-acl any any svc-gre permit any any svc-syslog permit any user svc-snmp permit user any svc-snmp-trap permit user any svc-ntp permit user alias controller svc-ftp permit ip access-list session svp-acl any any svc-svp permit queue high user host 224.0.1.116 any permit ip access-list session noe-acl any any svc-noe permit queue high ip access-list session h323-acl any any svc-h323-tcp permit queue high any any svc-h323-udp permit queue high ip access-list session v6-logon-control ipv6 user any udp 68 deny ipv6 any any svc-v6-icmp permit ipv6 any any svc-v6-dhcp permit ipv6 any any svc-dns permit vpn-dialer default-dialer ike authentication PRE-SHARE 8ce8d30b83f- 5c47337fa3d5014230c7c70f2441de87d0a04 user-role Lync-new access-list session blacklist-acl access-list session lync-acl access-list session allowall user-role ap-role access-list session control access-list session ap-acl user-role lync access-list session lync access-list session allowall user-role default-vpn-role access-list session allowall access-list session v6-allowall user-role voice access-list session sip-acl access-list session noe-acl access-list session svp-acl access-list session vocera-acl access-list session skinny-acl access-list session h323-acl access-list session dhcp-acl access-list session tftp-acl access-list session dns-acl access-list session icmp-acl user-role default-via-role access-list session allowall user-role guest-logon access-list session logon-control access-list session captiveportal access-list session v6-logon-control access-list session captiveportal6 user-role guest access-list session http-acl access-list session https-acl access-list session dhcp-acl access-list session icmp-acl Aruba Networks, Inc. 20

access-list session dns-acl access-list session v6-http-acl access-list session v6-https-acl access-list session v6-dhcp-acl access-list session v6-icmp-acl access-list session v6-dns-acl user-role stateful-dot1x user-role authenticated access-list session allowall access-list session v6-allowall user-role logon access-list session logon-control access-list session captiveportal access-list session vpnlogon access-list session v6-logon-control access-list session captiveportal6 controller-ip vlan 3 interface mgmt shutdown dialer group evdo_us init-string ATQ0V1E0 dial-string ATDT#777 dialer group gsm_us init-string AT+CGDCONT=1, IP, ISP.CINGU- LAR dial-string ATD*99# dialer group gsm_asia init-string AT+CGDCONT=1, IP, internet dial-string ATD*99***1# dialer group vivo_br init-string AT+CGDCONT=1, IP, zap.vivo. com.br dial-string ATD*99# vlan 3 description GE1/0 trusted trusted vlan 1-4094 switchport access vlan 3 interface gigabitethernet 1/1 description GE1/1 trusted trusted vlan 1-4094 switchport access vlan 3 interface gigabitethernet 1/2 description GE1/2 trusted trusted vlan 1-4094 port monitor gigabitethernet 1/0 interface gigabitethernet 1/3 description GE1/3 trusted trusted vlan 1-4094 switchport access vlan 3 interface vlan 3 ip address 172.25.20.3 255.255.255.0 ip helper-address 172.25.20.24 ip nat inside interface vlan 1 shutdown ip default-gateway 172.25.20.2 uplink disable ap mesh-recovery-profile cluster RecoveryWaKoOno5UeUrXKyh wpa-hexkey 0b0047b8cda7c68c5a6fee69c5e8a783840ef- c69b77b8ca868316e32578f05de875a1186811c- 60c1942469a646ea19f808f503f887856986b- 2c581f88323f4bd246b75174275e4477-8e1157f7a4621b5 crypto isakmp policy 20 encryption aes256 crypto ipsec transform-set default-boc-bmtransform esp-3des esp-sha-hmac interface gigabitethernet 1/0 Aruba Networks, Inc. 21

crypto ipsec transform-set default-raptransform esp-aes256 esp-sha-hmac crypto ipsec transform-set default-aes espaes256 esp-sha-hmac crypto dynamic-map default-dynamicmap 10000 set transform-set default-transform default-aes crypto isakmp eap-passthrough eap-tls crypto isakmp eap-passthrough eap-peap crypto isakmp eap-passthrough eap-mschapv2 vpdn group l2tp ip dhcp excluded-address 172.25.20.1 172.25.20.149 ip dhcp pool Pool1 default-router 172.25.20.2 dns-server 172.25.20.24 lease 8 0 0 0 network 172.25.20.0 255.255.255.0 authoritative syslocation POC Lab syscontact Syed snmp-server community aruba123 vpdn group pptp tunneled-node-address 0.0.0.0 adp discovery enable adp igmp-join enable adp igmp-vlan 0 voice rtcp-inactivity disable voice sip-midcall-req-timeout disable ap ap-blacklist-time 3600 ssh mgmt-auth username/password mgmt-user admin root f4e8a0b401de2cd809b- 5fa1bb50938a0473ee937d08260383c no database synchronize database synchronize rf-plan-data ip mobile domain default hat 172.25.20.0 255.255.255.0 3 10.68.4.10 description Hat1 ip mobile domain lync description lync hat 10.68.4.0 255.255.255.0 1 172.25.20.3 description lync hat 172.25.20.0 255.255.255.0 3 10.68.4.10 description lync ip mobile active-domain Lync ip igmp ipv6 mld no firewall attack-rate cp 1024 ipv6 firewall ext-hdr-parse-len 100 firewall cp firewall cp packet-capture-defaults tcp disable udp disable sysmsg disable other disable ip domain lookup country US aaa authentication mac default aaa authentication dot1x default aaa authentication dot1x lync-dot1x termination enable termination eap-type eap-peap termination inner-eap-type eap-mschapv2 aaa server-group default auth-server Internal set role condition role value-of aaa profile default aaa profile lync initial-role lync authentication-dot1x lync-dot1x Aruba Networks, Inc. 22

dot1x-default-role authenticated dot1x-server-group internal aaa authentication captive-portal default aaa authentication captive-portal lync-cp default-role Lync-new server-group internal redirect-pause 5 max-authentication-failures 3 aaa authentication wispr default aaa authentication vpn default aaa authentication vpn default-rap aaa authentication mgmt aaa authentication stateful-ntlm default aaa authentication stateful-kerberos default aaa authentication stateful-dot1x aaa authentication wired web-server session-timeout 3600 papi-security guest-access-email voice logging voice dialplan-profile default voice real-time-config voice sip aaa password-policy mgmt control-plane-security no cpsec-enable ids management-profile ids wms-general-profile poll-retries 3 ids wms-local-system-profile ids ap-rule-matching valid-network-oui-profile ap system-profile default ap regulatory-domain-profile default country-code US valid-11g-channel 6 valid-11g-channel 11 valid-11a-channel 36 valid-11a-channel 40 valid-11a-channel 44 valid-11a-channel 48 valid-11a-channel 149 valid-11a-channel 153 valid-11a-channel 157 valid-11a-channel 161 valid-11a-channel 165 valid-11g-40mhz-channel-pair 1-5 valid-11g-40mhz-channel-pair 7-11 valid-11a-40mhz-channel-pair 44-48 valid-11a-40mhz-channel-pair 52-56 valid-11a-40mhz-channel-pair 60-64 valid-11a-40mhz-channel-pair 100-104 valid-11a-40mhz-channel-pair 108-112 valid-11a-40mhz-channel-pair 116-120 valid-11a-40mhz-channel-pair 124-128 valid-11a-40mhz-channel-pair 132-136 valid-11a-40mhz-channel-pair 149-153 valid-11a-40mhz-channel-pair 157-161 ap wired-ap-profile default ap enet-link-profile default ap mesh-ht-ssid-profile default ap mesh-cluster-profile default ap wired-port-profile default ap mesh-radio-profile default ids general-profile default wireless-containment none ids rate-thresholds-profile default ids signature-profile default ids impersonation-profile default Aruba Networks, Inc. 23

no detect-ap-spoofing ids unauthorized-device-profile default detect-adhoc-network no detect-windows-bridge no detect-unencrypted-valid-client no detect-valid-client-misassociation ids signature-matching-profile default ids dos-profile default no detect-disconnect-sta spoofed-deauth-blacklist no detect-omerta-attack no detect-fata-jack-attack no detect-malformed-large-duration no detect-block-ack-dos no detect-power-save-dos-attack ids profile default rf arm-profile arm-maintain assignment maintain no scanning rf arm-profile arm-scan rf arm-profile default assignment disable rf arm-profile lync assignment disable max-tx-power 21 min-tx-power 3 voip-aware-scan ps-aware-scan rf arm-profile lync-arm assignment disable max-tx-power 12 voip-aware-scan ps-aware-scan rf arm-profile lync2-arm assignment disable voip-aware-scan rf optimization-profile default rf event-thresholds-profile default rf am-scan-profile default rf dot11a-radio-profile default mode spectrum-mode channel 149+ arm-profile lync rf dot11a-radio-profile lyn3-a channel 44+ tx-power 3 slb-update-interval 10 slb-threshold 10 spectrum-load-bal-domain slb arm-profile lync-arm rf dot11a-radio-profile lync-a channel 149+ spectrum-load-balancing slb-update-interval 10 slb-threshold 10 spectrum-load-bal-domain slb arm-profile lync-arm rf dot11a-radio-profile lync2-a channel 36+ tx-power 3 slb-update-interval 10 slb-threshold 10 spectrum-load-bal-domain slb arm-profile lync-arm rf dot11a-radio-profile lync4-a channel 36+ spectrum-load-balancing slb-update-interval 10 slb-threshold 10 spectrum-load-bal-domain slb arm-profile lync-arm rf dot11a-radio-profile rp-maintain-a arm-profile arm-maintain rf dot11a-radio-profile rp-monitor-a mode am-mode rf dot11a-radio-profile rp-scan-a arm-profile arm-scan rf dot11a-radio-profile slb-a channel 157+ tx-power 20.5 slb-update-interval 1 arm-profile lync rf dot11g-radio-profile default Aruba Networks, Inc. 24

mode spectrum-mode channel 11 arm-profile lync rf dot11g-radio-profile rp-maintain-g arm-profile arm-maintain rf dot11g-radio-profile rp-monitor-g mode am-mode rf dot11g-radio-profile rp-scan-g arm-profile arm-scan rf dot11g-radio-profile slb-g no radio-enable channel 6 tx-power 20.5 slb-update-interval 1 arm-profile lync rf dot11g-radio-profile slb-g-2 channel 11 spectrum-load-balancing slb-update-interval 1 arm-profile lync-arm wlan dot11k-profile default wlan voip-cac-profile default wlan ht-ssid-profile default wlan wmm-traffic-management-profile lync enable-shaping voice 38 video 60 best-effort 1 background 1 wlan edca-parameters-profile station default wlan edca-parameters-profile ap default wlan ssid-profile default wlan ssid-profile lync essid lync1 opmode wpa2-aes wmm wpa-passphrase 467a8594684544e217b- 8873deac82124cf5515e58938c724 qbss-load-enable wlan virtual-ap default wlan virtual-ap lync aaa-profile lync ssid-profile lync vlan 3 blacklist-time 120 auth-failure-blacklist-time 180 vlan-mobility wmm-traffic-management-profile lync wlan traffic-management-profile lync bw-alloc virtual-ap lync share 100 shaping-policy fair-access ap provisioning-profile default ap spectrum local-override ap-group default ap-group lync virtual-ap lync dot11a-radio-profile slb-a dot11g-radio-profile slb-g dot11a-traffic-mgmt-profile lync dot11g-traffic-mgmt-profile lync logging level warnings security subcat ids logging level warnings security subcat idsap logging facility local7 logging 172.25.20.81 type user severity debugging facility local1 snmp-server enable trap snmp-server host 10.68.1.8 version 2c aruba123 udp-port 162 process monitor log remote-node config-id 11 end Aruba Networks, Inc. 25

Aruba White Paper www.arubanetworks.com 1344 Crossman Avenue. Sunnyvale, CA 94089 1-866-55-ARUBA Tel. +1 408.227.4500 Fax. +1 408.227.4550 info@arubanetworks.com 2012 Aruba Networks, Inc. Aruba Networks trademarks include AirWave, Aruba Networks, Aruba Wireless Networks, the registered Aruba the Mobile Edge Company logo, Aruba Mobility Management System, Mobile Edge Architecture, People Move. Networks Must Follow, RFProtect, and Green Island. All rights reserved. All other trademarks are the property of their respective owners. SG_DeployMicrosoftLync_110912