Prerequisites: Creating Wi-Fi profiles and VPN profiles

You must install and configure wireless access points for your organization’s enterprise Wi-Fi network. Perform the following actions:


Verify that the access points comply with the IEEE 802.11a standard, IEEE 802.11b standard, or IEEE 802.11g standard.


Verify the number of connections for each access point to make sure that the access points can manage additional traffic.


Verify that users can roam between access points.


Refer to the documentation for the access points to complete a site survey and assign channels.


If your organization does not use a switched enterprise Wi-Fi network and your organization has multiple subnets, configure the subnets to cover the same physical area. The configuration can affect how users send or receive calls.


Assign an SSID to each access point or each group of access points that share an SSID.


If users can roam between the access points, configure all of the relevant SSID profiles on each access point.


If your organization uses NAT traversal, verify that the access points support NAT traversal.

You must configure authentication and encryption for the access points. Perform the following actions:


Configure authentication using a supported authentication method. For example, if your organization uses layer 2 access security, verify that your organization uses one of the supported layer 2 security methods.


Configure encryption using a supported encryption method.

If your organization’s environment requires a VPN concentrator, configure a VPN concentrator for VPN access security using IPsec VPN. See the administrator for your organization’s firewall or VPN concentrator to determine the appropriate configuration settings.

You must configure firewall settings. Perform the following actions:


If your organization uses a proxy firewall, configure the proxy server so that it is transparent to users.


Verify that the IP addresses for the BlackBerry Domain that are relevant to your organization’s environment are permitted addresses.


Verify that the Wi-Fi network can connect to the BlackBerry Router.


Verify that you add the IP address of the BlackBerry Router to the DNS server.

Configure the ports for the Wi-Fi network.

You must configure access to the DHCP server and DNS server. Perform the following actions:


If necessary, configure your organization’s enterprise Wi-Fi network to access the DHCP server.


If you do not use static IP addresses, use the DNS lookup tool on a Wi-Fi enabled BlackBerry device to verify that the BlackBerry device can access the DHCP server.


Use the DNS lookup tool on a Wi-Fi enabled BlackBerry device to verify that the BlackBerry device can access one or more DNS servers.

If your organization uses an AAA server, you must configure it. Perform the following actions:


Configure the AAA server to support the Wi-Fi authentication method that your organization uses.


Permit all access points to use the AAA server.

If you configure service-specific access security, create a captive portal login.

You must configure user accounts in your organization's environment. Perform the following actions:


Create authentication credentials for the user accounts.


If your organization uses EAP-TLS, EAP-TTLS, or PEAP authentication methods, permit the BlackBerry Enterprise Server to access the PKI infrastructure and certificates.

Add the MAC addresses of every BlackBerry device that you permit to access a specific enterprise Wi-Fi network (an allowed list) or prevent from accessing a specific enterprise Wi-Fi network (a restricted list) to the controller for each access point.