Bedienungsanleitung Cisco Systems 0L-11350-01

518 Seiten 8.74 mb
Download

Zur Seite of 518

Summary
  • Cisco Systems 0L-11350-01 - page 1

    Americas Headquarters Cisco Systems, In c. 170 West Tasman Drive San Jose, CA 951 34-1706 USA http://www.ci sco.com Tel: 408 526-4000 800 553-NETS (638 7) Fax: 408 527-0883 Cisco IOS S of tw are Configuration Guide f or Cisco Air onet A ccess P oints Cisco IOS Releases 12.4(3g)JA and 12.3(8)JEB April 20 07 Text Part Number: 0L -11350-01 ...

  • Cisco Systems 0L-11350-01 - page 2

    THE SPECIFICATION S AND INFORMATION REGARDING THE PRODUCTS IN THIS MA NUAL ARE SUBJECT TO CHAN GE WITHOUT NOTICE. ALL STATEMENTS , INFORMATION, AND RECOMMENDATI ONS IN THI S MANUAL ARE BE LIEVED TO BE A CCURATE BUT ARE PRESENTED WI THOUT WARRANTY OF ANY KIND, EX PRESS OR IMPLIED. USERS MUST TAKE FUL L RESPONSIBILITY FOR THEIR APPL ICATION OF ANY PR ...

  • Cisco Systems 0L-11350-01 - page 3

    iii Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-11350-01 CONTENTS Preface xix Audience xix Purpose xix Organization xx Conventi ons xxi Related Publication s xxiii Obtaining Documentation, Obtaining Support, and Security Guid elines xxiv CHAPTER 1 Overview 1-1 Features 1-2 Features Introduced in This Release 1-2 Japan ...

  • Cisco Systems 0L-11350-01 - page 4

    Contents iv Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Using Online Help 2-14 Changing the Loca tion of Help Files 2-14 Disabling the Web-Browser Interface 2-1 5 CHAPTER 3 Using the Command-Line Interface 3-1 Cisco IOS Command Modes 3-2 Getting Help 3-3 Abbreviating Command s 3-3 Using no and default Forms ...

  • Cisco Systems 0L-11350-01 - page 5

    Contents v Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-11350-01 Default Settings on the Express Setup Page 4-14 Configuring Basic Security Settings 4-15 Understanding E xpress Security Settings 4-18 Using VLANs 4-18 Express Security Types 4-19 Express Security Limitations 4-21 Using the Express Security Page 4-21 CLI ...

  • Cisco Systems 0L-11350-01 - page 6

    Contents vi Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Controlling Access Point Acce ss with TACACS+ 5-15 Default TACACS+ Configuration 5-15 Configuring TACACS+ Login Authentication 5-15 Configuring TACACS+ Authorization for Pr ivileg ed EXEC Access and Network Services 5-17 Displaying the TACACS+ Configura ...

  • Cisco Systems 0L-11350-01 - page 7

    Contents vii Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-11350-01 Creating a Banner 5-35 Default Banner Configuration 5-35 Configuring a Message-o f-the-Day Login Banner 5-35 Configuring a Login Banner 5-37 Upgrading Autonomous Cisco Airo net Access Points to Lightweight Mode 5-37 Migrating to Japan W52 Domain 5-37 Ve ...

  • Cisco Systems 0L-11350-01 - page 8

    Contents viii Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Enabling and Disabling Public Secure Packet Forwarding 6-28 Configuring Protected Ports 6-29 Configuring the Beacon Period and the DTIM 6-30 Configure RTS Threshold and Re tries 6-30 Configuring the Maximum Data Retries 6-31 Configuring the Fragmentat ...

  • Cisco Systems 0L-11350-01 - page 9

    Contents ix Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-11350-01 CHAPTER 8 Configuring Spanning Tree Protocol 8-1 Understanding Spanning Tre e Protocol 8-2 STP Overview 8-2 350 Series Bridge Interoperability 8-3 Access Point/Bridge Protocol Data Units 8-3 Election of the Spanning-Tre e Root 8-4 Spanning-Tree T imers 8 ...

  • Cisco Systems 0L-11350-01 - page 10

    Contents x Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Using Debug Messages 9-11 CHAPTER 10 Configuring Cipher Suites and WEP 10-1 Understanding Cipher Suites and WEP 10-2 Configuring Cipher Suites and WE P 10-3 Creating WEP Keys 10-3 WEP Key Restrictions 10-5 Example WEP Key Setup 10-5 Enabling Cipher Suite ...

  • Cisco Systems 0L-11350-01 - page 11

    Contents xi Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-11350-01 Understanding Fast Se cure Roaming 12-3 Understanding Rad io Management 12-5 Understanding Layer 3 Mo bility 12-5 Understanding Wireless Intrusion Detec tion Services 12-6 Configuring WDS 12-7 Guidelines for WDS 12-8 Requirements for WDS 12 -8 Configurat ...

  • Cisco Systems 0L-11350-01 - page 12

    Contents xii Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 CHAPTER 13 Configuring RADIUS and TACACS+ Servers 13-1 Configuring and Enabling RADIUS 13-2 Understanding RADIUS 13 -2 RADIUS Operation 13-3 Configuring RADIUS 13-4 Default RADIUS Configuration 13-4 Identifying the RADIUS Server Host 13-5 Configuring R ...

  • Cisco Systems 0L-11350-01 - page 13

    Contents xiii Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-11350-01 Using a RADIUS Server to Assign Users to VLANs 14-8 Using a RADIUS Server for Dynamic Mobility Group Assignment 14-9 Viewing VLANs Configured on the Ac cess Point 14-9 VLAN Configuration Example 14-10 CHAPTER 15 Configuring QoS 15-1 Understanding QoS f ...

  • Cisco Systems 0L-11350-01 - page 14

    Contents xiv Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 CHAPTER 17 Configuring CDP 17-1 Understanding CDP 17-2 Configuring CDP 17-2 Default CDP Configuration 17-2 Configuring the CDP Characteristics 17-2 Disabling and Enabling CDP 17-3 Disabling and Enabling CDP on an Interface 17 -4 Monitoring and Maintain ...

  • Cisco Systems 0L-11350-01 - page 15

    Contents xv Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-11350-01 Setting Up a Repe ater As a WPA Client 19-8 Understanding Ho t Standby 19-8 Configuring a Hot Standby Access Point 19 -9 Verifying Standby Opera tion 19-12 Understanding Workg roup Bridge Mo de 19-13 Treating Workgroup Brid ges as Infrastru cture Devices ...

  • Cisco Systems 0L-11350-01 - page 16

    Contents xvi Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Preparing to Download or Upload a Con figuration File by Us ing FTP 20-13 Downloading a Configuration File by Using FTP 20-13 Uploadin g a Configurati on File by Using FTP 20-14 Copying Configuration Files by Using RCP 20-15 Preparing to Download or Up ...

  • Cisco Systems 0L-11350-01 - page 17

    Contents xvii Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-11350-01 Setting a Logg ing Rate Limit 21-9 Configuring UNIX Syslog Servers 21-10 Logging Messages to a UNIX Syslog Daemon 21-10 Configuring the UNIX System Logging Facility 21-10 Displaying the Logging Configuration 21-12 CHAPTER 22 Wireless Device Tro ublesho ...

  • Cisco Systems 0L-11350-01 - page 18

    Contents xviii Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 APPENDIX C Error and Event Messa ges C-1 Conventi ons C-2 Software Auto Upgrade Messages C-3 Association Managem ent Messages C-4 Unzip Messages C-5 802.11 Subsys tem Messages C-5 Inter-Access Point Protocol Messages C-19 Local Authenticator Messages ...

  • Cisco Systems 0L-11350-01 - page 19

    xix Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-11350-01 Preface Audience This guide is for the n etworking pr ofessional who installs and manages Ci sco Aironet Access Points. T o use this guide, you should ha ve e xperience wor king with the Cisco IOS software and be f amiliar with the concepts and terminolo gy of w ...

  • Cisco Systems 0L-11350-01 - page 20

    xx Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Preface This guide also includes an ov erview of the acce ss point web-based i nterface (APWI), which contains all the functionality of th e command-line interface (CLI). Thi s guide does not pro vide fi eld-le vel descriptions of the APWI wind ows nor does it p ...

  • Cisco Systems 0L-11350-01 - page 21

    xxi Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-11350-01 Preface Chapter 15, “Configuring QoS, ” describes how to conf igure and mana ge MA C address, IP , and Ethertype filters on the access point using the web-bro wser interface. Chapter 17, “Conf iguring CDP , ” describes how to conf igure Cisco Discovery P ...

  • Cisco Systems 0L-11350-01 - page 22

    xxii Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Preface Note Means reader take note. No tes contain helpful sugg es tions or references to materials not cont ained in this manual. Caution Means reader be careful. In this situation, you mi ght do something that could result equi pment damage or loss of data. ...

  • Cisco Systems 0L-11350-01 - page 23

    xxiii Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-11350-01 Preface Related Publications These documents provide complete information about the access point: • Quick St art Guide: Cisco Air onet 1100 Series Access P oints • Quick St art Guide: Cisco Air onet 1130A G Series Access P oint • Quick St art Guide: Cisc ...

  • Cisco Systems 0L-11350-01 - page 24

    xxiv Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Preface Obtaining Documentation, Obtaining Support, and Security Guidelines For info rmation on obtaining documentation, o btaining support, pro viding documentation feedback, security g uidelines, and al so recommended aliase s and general Cisco doc uments, s ...

  • Cisco Systems 0L-11350-01 - page 25

    CH A P T E R 1-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 1 Overview Cisco Aironet Access PointsCisco wi reless de vices (hereafter called access points or wir eless devices ) provide a secu re, af fordable, and easy-to-use wireless LAN solutio n that combines mobility and flexibil ity with the enterprise ...

  • Cisco Systems 0L-11350-01 - page 26

    1-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 1 Overvi ew Features Features This section lists features suppo rted on access pointW ireless devices runni ng Cisco IOS softw are. Note The proxy Mobile-IP feature i s not supported in Cisco I OS Releases 12.3(2)J A and later . Note Cisco IOS Release 1 ...

  • Cisco Systems 0L-11350-01 - page 27

    1-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 1 Overview Features • U regulatory do main = W52 The upgrade utility allo ws users to migrate their 802.11a radios from J52 to W52. The utility operates on the follo wing devi ces: • 1130 series access points • 1200 series access points with RM 21 ...

  • Cisco Systems 0L-11350-01 - page 28

    1-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 1 Overvi ew Management Options Universal Workgroup Bridge This feature pro vides the means for Cisco access points con figured as workgroup br idges (WGBs) to associate with non-Cisco access points. In addit ion, th e feature provides the WGB with the a ...

  • Cisco Systems 0L-11350-01 - page 29

    1-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 1 Overview Network Configuration Examp les Root Access Point An access point connected directly to a wired LAN provides a connection p oint for wireless users. If more than one access point is connected to the LAN, us ers can roam from one area of a fac ...

  • Cisco Systems 0L-11350-01 - page 30

    1-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 1 Overvi ew Network Configuratio n Examples Figure 1 -2 Access P oint as Repeater Bridges The 1200 and 1240 access point s and the 1300 access point/br idge can be config ured as root or non-root bridges. In this role, an access point establishes a wire ...

  • Cisco Systems 0L-11350-01 - page 31

    1-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 1 Overview Network Configuration Examp les Figur e 1 -4 Access P oints as Root an d Non-r oot Bridg es with Clients When wirless bridges are used in a point- to-multipoint conf iguration the throughput is reduced depending on the n umber of non-root bri ...

  • Cisco Systems 0L-11350-01 - page 32

    1-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 1 Overvi ew Network Configuratio n Examples Central Unit in an All-Wireless Network In an all-wireless network, an access point acts as a stand-alone root unit. The access point is not attached to a wired LAN; it functions as a hub linking all stations ...

  • Cisco Systems 0L-11350-01 - page 33

    CH A P T E R 2-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 2 Using the Web-Browser Interface This chapter describes the web-bro wser interface th at you can use to configure the wireless de vice. The details reg arding the conf iguration parameters are co ntained in the help system . This chap ter contains ...

  • Cisco Systems 0L-11350-01 - page 34

    2-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 2 Using th e Web-Browser Interface Note A void using both the CLI an d the web-bro wser interf aces to configur e the wireless de vice. If you configure the wireless device using the CLI, the web-browser interface might display an inaccurate interpretat ...

  • Cisco Systems 0L-11350-01 - page 35

    2-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 2 Using the Web -Browser Interface Using the Web-Browse r Interface for the First Time Using the Web-Browser Interface for the First Time Use the wireless de vice’ s IP address to bro w se to the management system. See the “Obtaini ng and Assigning ...

  • Cisco Systems 0L-11350-01 - page 36

    2-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 2 Using th e Web-Browser Interface Using the Manag ement Pages in the We b-Browser Interfac e Using Action Buttons Ta b l e 2 - 1 lists the page links and b uttons that appear on most management pages. T able 2-1 Common But tons on Manag e ment P ages B ...

  • Cisco Systems 0L-11350-01 - page 37

    2-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 2 Using the Web -Browser Interface Enabling HTTPS for Secure Browsing Character Restrictions in Entry Fields Because the 1200 series acce ss point uses Cisco IO S software, tThere are certain characters that you cannot use in the entry f ields on the we ...

  • Cisco Systems 0L-11350-01 - page 38

    2-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 2 Using th e Web-Browser Interface Enabling HTTPS for Secure Browsing Follo w these steps to create an FQDN and enable HTTPS: Step 1 If your bro wser uses popup-blocking software, disable th e popup-blocking feat ure. Step 2 Browse t o the Express Setup ...

  • Cisco Systems 0L-11350-01 - page 39

    2-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 2 Using the Web -Browser Interface Enabling HTTPS for Secure Browsing Figur e 2-3 Services – DNS P a ge Step 5 Select Enable for Domain Name System. Step 6 In the Domain Name f ield, enter your co mpany’ s domain name. At Cisco Systems, for example, ...

  • Cisco Systems 0L-11350-01 - page 40

    2-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 2 Using th e Web-Browser Interface Enabling HTTPS for Secure Browsing Step 10 Browse to the Services: HTTP W eb Server page. Figure 2-4 sho w s the HTTP W eb Server page: Figur e 2-4 Services: HTTP W eb Server P age Step 11 Select the Enable Secure (HTT ...

  • Cisco Systems 0L-11350-01 - page 41

    2-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 2 Using the Web -Browser Interface Enabling HTTPS for Secure Browsing Step 14 Another warning w indow appears stati ng that the acce ss point’ s security certificate is v alid but is not from a kno wn source. Howe ver , you can accept the ce rtificate ...

  • Cisco Systems 0L-11350-01 - page 42

    2-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 2 Using th e Web-Browser Interface Enabling HTTPS for Secure Browsing Figur e 2-7 Certificat e Window Step 16 On the Certificate wi ndow , click Install Cer tificate . The Microsoft W indo ws Certificat e Import W izard appears. Figure 2-8 sho w s the ...

  • Cisco Systems 0L-11350-01 - page 43

    2-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 2 Using the Web -Browser Interface Enabling HTTPS for Secure Browsing Figur e 2-8 Certificat e Import Wizar d Window Step 17 Click Next . The next windo w asks where you want to store the certif icate. Cisco recommends that you use the defaul t storage ...

  • Cisco Systems 0L-11350-01 - page 44

    2-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 2 Using th e Web-Browser Interface Enabling HTTPS for Secure Browsing Figur e 2-1 0 Certificat e Completion Window Step 19 Click Finis h . W indows displays a f inal security warning. Figure 2-11 shows the security w arning. Figur e 2-1 1 Certificat e ...

  • Cisco Systems 0L-11350-01 - page 45

    2-13 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 2 Using the Web -Browser Interface Enabling HTTPS for Secure Browsing Figure 2-12 Import Successful Windo w Step 21 Click OK . Step 22 On the Certificate windo w shown in Figure 2-7 , which is still displayed, click OK . Step 23 On the Security Alert w ...

  • Cisco Systems 0L-11350-01 - page 46

    2-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 2 Using th e Web-Browser Interface Using Online Help Using Online Help Click the help icon at the top of an y page in the web-br owser interface to d isplay online help. Figure 2-13 sho ws the help and print icon s. Figur e 2-13 Help and Pr int Icons W ...

  • Cisco Systems 0L-11350-01 - page 47

    2-15 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 2 Using the Web -Browser Interface Disabling the Web- Browser Interface Ta b l e 2 - 2 shows an example help l ocation and Help Root URL for an 11 00 series access point. Step 5 Click Apply . Disabling the Web-Browser Interface T o prevent all use of t ...

  • Cisco Systems 0L-11350-01 - page 48

    2-16 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 2 Using th e Web-Browser Interface Disabling the Web-Browser Inter face ...

  • Cisco Systems 0L-11350-01 - page 49

    CH A P T E R 3-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 3 Using the Command-Line Interface This chapter describes the Cisco IOS command-line interface (CLI) that you can use to configure the wireless de vice. It contains these secti ons: • Cisco IOS Command Modes, page 3-2 • Getting Help, page 3-3 ? ...

  • Cisco Systems 0L-11350-01 - page 50

    3-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 3 Using the Comman d-Line Interface Cisco IOS Command Modes Cisco IOS Command Modes The Cisco IOS user interface is di vided into many dif ferent modes. The commands av ailable to you depend on which mode y ou are currently in. Enter a question mark (?) ...

  • Cisco Systems 0L-11350-01 - page 51

    3-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 3 Using th e Comma nd-Line Interface Getting Help Getting Help Y ou can ente r a question mark (?) at the system prompt to display a list of commands a vailable for each command mo de. Y o u can also obtain a li st of asso ciated keyw ords and ar gument ...

  • Cisco Systems 0L-11350-01 - page 52

    3-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 3 Using the Comman d-Line Interface Using no and default Forms of Commands Using no and default Forms of Commands Most confi guration commands al so hav e a no form. In general, use the no form to disable a feature or function or re verse the action of ...

  • Cisco Systems 0L-11350-01 - page 53

    3-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 3 Using th e Comma nd-Line Interface Using Comman d History Changing the Command History Buffer Size By default, the wi reless de vice records ten command lines in its history buf fer . Beginni ng in pri vileged EXEC mode, enter this command to change t ...

  • Cisco Systems 0L-11350-01 - page 54

    3-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 3 Using the Comman d-Line Interface Using Editing Featu res Using Editing Features This section descri bes the editing features that can help you manipu late the command line. It contai ns these sections: • Enabling and Disabling Edit ing Features, pa ...

  • Cisco Systems 0L-11350-01 - page 55

    3-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 3 Using th e Comma nd-Line Interface Using Editing Feature s Editing Command Lines that Wrap Y ou can use a wraparound feature for comman ds that ext end beyond a single li ne on the screen. When the cursor reaches the right margin, the command line shi ...

  • Cisco Systems 0L-11350-01 - page 56

    3-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 3 Using the Comman d-Line Interface Searching and Filtering Output of show and more Commands In this e xample, the access-list global conf iguration command entry ex tends beyo nd one line. When the cursor first reaches the end of the line, the line is ...

  • Cisco Systems 0L-11350-01 - page 57

    3-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 3 Using th e Comma nd-Line Interface Accessing the CLI Accessing the CLI Y ou can open the w ireless device’ s C LI using T elnet or Secure Shell (SSH). Opening the CLI with Telnet Follo w these steps to open the CLI with T elnet. These steps are for ...

  • Cisco Systems 0L-11350-01 - page 58

    3-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 3 Using the Comman d-Line Interface Accessing the CLI ...

  • Cisco Systems 0L-11350-01 - page 59

    CH A P T E R 4-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 4 Configuring the Access Point for the First Time This chapter describe s how to configure basic settin gs on the wireless de vice for the f irst time. The contents of this chapter are similar to the instru ct ions in the quick start gui de that sh ...

  • Cisco Systems 0L-11350-01 - page 60

    4-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 4 Configuring the Access Point fo r the First Time Before You Start Before You Start Before you install the wireless de vice, make sure you are u sing a computer connected t o the same network as t he wireless de vice, and obtain the follo wing informat ...

  • Cisco Systems 0L-11350-01 - page 61

    4-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 4 Configuring th e Access Point for the First Time Before You Start Step 4 Enter the wireless de vice password in the Passw ord field and press Enter . The default passwo rd is Cisco . The Summary Status page appears. Step 5 Click System Software and th ...

  • Cisco Systems 0L-11350-01 - page 62

    4-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 4 Configuring the Access Point fo r the First Time Obtaining and Assign ing an IP Address Obtaining and Assigning an IP Address T o browse to the w ireless device’ s Express Setup pa ge, you must either obtain or assign the wireless dev ice’ s IP ad ...

  • Cisco Systems 0L-11350-01 - page 63

    4-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 4 Configuring th e Access Point for the First Time Connecting to the 1100 Series A ccess Point Locally The 1300 series access point/br idge assumes a radio netw ork role of a root access point . T o configu re it as a bridge, you must manually place it ...

  • Cisco Systems 0L-11350-01 - page 64

    4-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 4 Configuring the Access Point fo r the First Time Connecting to the 1130 Series Access Point Locally Connecting to the 1130 Series Access Point Locally If you need to conf igure the access point locally (without connecting th e access point to a wired ...

  • Cisco Systems 0L-11350-01 - page 65

    4-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 4 Configuring th e Access Point for the First Time Connecting to the 1300 Series Access Point/Bridge Locally Note When your confi guration change s a re completed, you must remo ve the serial cab le from the access point. Connecting to the 1300 Series A ...

  • Cisco Systems 0L-11350-01 - page 66

    4-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 4 Configuring the Access Point fo r the First Time Default Radio Settings Default Radio Settings Beginning with Cisco IOS Release 12.3(8)J A, access po int radios are disabled and no default SSID is assigned. This was done in order to prev ent unaut hor ...

  • Cisco Systems 0L-11350-01 - page 67

    4-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 4 Configuring th e Access Point for the First Time Assigning Basic Settings Figure 4-1 Summary Status P age Step 5 Click Express Set up . The Express Setup screen appears. Figure 4-2 and Figure 4-3 sho ws the Express Setup page for the 1100 series acce ...

  • Cisco Systems 0L-11350-01 - page 68

    4-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 4 Configuring the Access Point fo r the First Time Assigning Basic Settings Figur e 4-2 Expr ess Setup P age f or 1 1 00 Ser ies Access P oints ...

  • Cisco Systems 0L-11350-01 - page 69

    4-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 4 Configuring th e Access Point for the First Time Assigning Basic Settings Figur e 4-3 Expr ess Setup P age fo r 1 130, 1200 , and 1240 Ser ies Access P oints Note Figure 4-3 sho ws the Express Setup page for an 1130 series access point. The 1200 seri ...

  • Cisco Systems 0L-11350-01 - page 70

    4-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 4 Configuring the Access Point fo r the First Time Assigning Basic Settings Figur e 4-4 Expr ess Setup P age f or the 1300 Series A ccess Point/Br idge Step 6 Enter the conf iguration settings you obtained from you r system administ rator . The conf ig ...

  • Cisco Systems 0L-11350-01 - page 71

    4-13 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 4 Configuring th e Access Point for the First Time Assigning Basic Settings • IP Address —Use thi s setting to assign or change t h e wireless device’ s IP address. If DHCP is enabled for your network, leav e this field blank. Note If the wireles ...

  • Cisco Systems 0L-11350-01 - page 72

    4-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 4 Configuring the Access Point fo r the First Time Assigning Basic Settings – Custom —The wireless device uses the settings you enter on the Network Interfaces: Radio-802.11b Settings page. C licking Custom takes you to the Network Int erfaces: Rad ...

  • Cisco Systems 0L-11350-01 - page 73

    4-15 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 4 Configuring th e Access Point for the First Time Configuring Basic Security Setting s Configuring Basic Security Settings After you assign basic settings to the wireless de vi ce, you must conf igure security settings to pre vent unauthorized access ...

  • Cisco Systems 0L-11350-01 - page 74

    4-16 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 4 Configuring the Access Point fo r the First Time Configuring Basi c Security Settings Figur e 4-5 Expr ess Secur ity P age ...

  • Cisco Systems 0L-11350-01 - page 75

    4-17 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 4 Configuring th e Access Point for the First Time Configuring Basic Security Setting s The Express Security page helps you conf igure basic security settin gs. Y ou can use the web-bro wser interface’ s main Security pages to configure mor e adva nc ...

  • Cisco Systems 0L-11350-01 - page 76

    4-18 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 4 Configuring the Access Point fo r the First Time Configuring Basi c Security Settings Understanding Express Security Settings The SSIDs that you create using the Express security page appear in the SSID ta ble at the bottom of the page. Y ou can crea ...

  • Cisco Systems 0L-11350-01 - page 77

    4-19 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 4 Configuring th e Access Point for the First Time Configuring Basic Security Setting s Express Security Types Ta b l e 4 - 2 describes the four security types that yo u can assign to an SSID. T able 4-2 Secur ity T ypes on Expr ess Security Set up P a ...

  • Cisco Systems 0L-11350-01 - page 78

    4-20 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 4 Configuring the Access Point fo r the First Time Configuring Basi c Security Settings EAP Authentication This option en ables 802.1X authentication (such as LEA P , PEAP , EAP-TLS, EAP-F AST , EAP-TTLS, EAP-GTC, EAP-SIM, and other 802.1X/EAP based pr ...

  • Cisco Systems 0L-11350-01 - page 79

    4-21 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 4 Configuring th e Access Point for the First Time Configuring Basic Security Setting s Express Security Limitations Because the Express Security page is designed for simple configuration of basic security , the options av ailable are a sub set of the ...

  • Cisco Systems 0L-11350-01 - page 80

    4-22 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 4 Configuring the Access Point fo r the First Time Configuring Basi c Security Settings CLI Configuration Examples The examples in this section sho w the CLI commands that are equiv alent to cr eating SSIDs using each security type on the Express Secur ...

  • Cisco Systems 0L-11350-01 - page 81

    4-23 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 4 Configuring th e Access Point for the First Time Configuring Basic Security Setting s Example: Static WEP This example sho ws part of the configurati on that re sults from using the Express Security page to create an SSID called static_wep_ssid , exc ...

  • Cisco Systems 0L-11350-01 - page 82

    4-24 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 4 Configuring the Access Point fo r the First Time Configuring Basi c Security Settings bridge-group 20 block-unknown-source no bridge-group 20 source-learning no bridge-group 20 unicast-flooding bridge-group 20 spanning-disabled Example: EAP Authentic ...

  • Cisco Systems 0L-11350-01 - page 83

    4-25 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 4 Configuring th e Access Point for the First Time Configuring Basic Security Setting s bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridg ...

  • Cisco Systems 0L-11350-01 - page 84

    4-26 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 4 Configuring the Access Point fo r the First Time Configuring Basi c Security Settings aaa new-model ! ! aaa group server radius rad_eap server 10.91.104.92 auth-port 1645 acct-port 1646 ! aaa group server radius rad_mac ! aaa group server radius rad_ ...

  • Cisco Systems 0L-11350-01 - page 85

    4-27 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 4 Configuring th e Access Point for the First Time Configuring System Power Setting s for 1130 and 1240 Series Access Points bridge-group 1 no bridge-group 1 source-learning bridge-group 1 spanning-disabled ! interface FastEthernet0.40 encapsulation do ...

  • Cisco Systems 0L-11350-01 - page 86

    4-28 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 4 Configuring the Access Point fo r the First Time Using the IP Setup Utility Using a Power Injector If you use a power injector to pro vide power to the 1130 or 1240 access point, select Power Injector on the System Software: Syst em Confi guration pa ...

  • Cisco Systems 0L-11350-01 - page 87

    4-29 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 4 Configuring th e Access Point for the First Time Assigning an IP Address Using the CLI Figur e 4-7 IPSU Get IP A ddress Scr een Step 2 When the utility wind ow op ens, make sur e the Get IP addr radio b utton in the Function box is selected. Step 3 E ...

  • Cisco Systems 0L-11350-01 - page 88

    4-30 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 4 Configuring the Access Point fo r the First Time Using a Telnet Session to Access the CLI Using a Telnet Session to Access the CLI Follo w these steps to access the CLI by using a T elnet session. The se steps are for a PC running Microsoft W indows ...

  • Cisco Systems 0L-11350-01 - page 89

    4-31 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 4 Configuring th e Access Point for the First Time Configuring the 802.1X Supplicant Y ou can complete the phases in any order , but the y must be completed before the supplicant b ecomes operational. Creating a Credentials Profile Beginning in priv il ...

  • Cisco Systems 0L-11350-01 - page 90

    4-32 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 4 Configuring the Access Point fo r the First Time Configuring the 802.1X Supplicant Applying the Credentials Pr ofile to the Wired Port Beginni ng in the pri vileged EXEC mode, fol low t hese steps to apply the credentials to th e access point’ s wi ...

  • Cisco Systems 0L-11350-01 - page 91

    4-33 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 4 Configuring th e Access Point for the First Time Configuring the 802.1X Supplicant The follo wing example applys the credentials profile test to the ssid testap1 on a repeater access point. repeater-ap> enable Password: xxxxxxx repeater-ap# config ...

  • Cisco Systems 0L-11350-01 - page 92

    4-34 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 4 Configuring the Access Point fo r the First Time Configuring the 802.1X Supplicant ...

  • Cisco Systems 0L-11350-01 - page 93

    CH A P T E R 5-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 5 Administering the Access PointWireless Device Access This chapter de scribes ho w to administer the wirele ss de vice. This chap ter contains the se sections: • Disabling the Mo de Button, page 5-2 • Prev enting U nauthorized Access to Y our ...

  • Cisco Systems 0L-11350-01 - page 94

    5-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 5 Administe ring the Access PointWire less Device Access Disabling the Mode Button Disabling the Mode Button Y ou can disable the mode b utton on access points ha ving a console port b y using the [no] boot mode-button co mmand. This command pre vents p ...

  • Cisco Systems 0L-11350-01 - page 95

    5-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 5 Administering t he Access PointWire less Device Access Preventing Unauthorized Access to Your Access Point Preventing Unauthorized Access to Your Access Point Y ou can pre vent unauthori zed users from reconf iguring the wireless de vice and vie wing ...

  • Cisco Systems 0L-11350-01 - page 96

    5-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 5 Administe ring the Access PointWire less Device Access Protecting Access to Privileged EXEC Commands Default Password and Privilege Level Configuration Ta b l e 5 - 1 shows the def ault password and pri vile ge lev e l conf iguration. Setting or Chang ...

  • Cisco Systems 0L-11350-01 - page 97

    5-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 5 Administering t he Access PointWire less Device Access Protecting A ccess to Privileged EXEC Commands This example sho ws how to ch ange the enable password to l1u2c3k4y5 . The password is not encrypted and provides access to le vel 15 (tradi tional p ...

  • Cisco Systems 0L-11350-01 - page 98

    5-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 5 Administe ring the Access PointWire less Device Access Protecting Access to Privileged EXEC Commands Protecting Enable and Enable Secret Passwords with Encryption T o provide an additi onal layer of security , particularly for passwor ds that cross th ...

  • Cisco Systems 0L-11350-01 - page 99

    5-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 5 Administering t he Access PointWire less Device Access Protecting A ccess to Privileged EXEC Commands If both the enable and enable secret passwords are defined, users must enter the enable secret password. Use the level keyw ord to def ine a password ...

  • Cisco Systems 0L-11350-01 - page 100

    5-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 5 Administe ring the Access PointWire less Device Access Protecting Access to Privileged EXEC Commands T o disable userna me authenticatio n for a specific user, use the no user name name global configuration command. T o disable password checking and a ...

  • Cisco Systems 0L-11350-01 - page 101

    5-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 5 Administering t he Access PointWire less Device Access Controlling Access Point Access with RADIUS When you set a command to a privilege le vel, all commands whose syntax is a subset of that command are also set to that le vel. For e xample, if you se ...

  • Cisco Systems 0L-11350-01 - page 102

    5-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 5 Administe ring the Access PointWire less Device Access Controlling Access Po int Access with RADIUS RADIUS provid es detailed accounting infor mation and fle xible administrati ve control o ver authentication and authorization processes. RADIUS is fa ...

  • Cisco Systems 0L-11350-01 - page 103

    5-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 5 Administering t he Access PointWire less Device Access Controlling Access Point Access with RADIUS T o disable AAA, use the no aaa new-model global conf iguration command. T o disable AAA authentic ation, use the no aaa authentication login { default ...

  • Cisco Systems 0L-11350-01 - page 104

    5-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 5 Administe ring the Access PointWire less Device Access Controlling Access Po int Access with RADIUS Defining AAA Server Groups Y ou can configure the wireless de vice to use AAA server g roups to group e xisting server h osts for authentication. Y ou ...

  • Cisco Systems 0L-11350-01 - page 105

    5-13 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 5 Administering t he Access PointWire less Device Access Controlling Access Point Access with RADIUS Step 3 radius-server host { hostname | ip-addr ess } [ auth-port port-number ] [ acct-port port-number ] [ timeout seconds ] [ retransmit re t r i e s ...

  • Cisco Systems 0L-11350-01 - page 106

    5-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 5 Administe ring the Access PointWire less Device Access Controlling Access Po int Access with RADIUS T o remove the specified RADIUS server , use the no radius-server host hostname | ip-addr ess global confi guration command. T o remov e a server grou ...

  • Cisco Systems 0L-11350-01 - page 107

    5-15 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 5 Administering t he Access PointWire less Device Access Controlling Access Po int Access with TACACS+ T o disable authorization, use the no aaa authorizat ion { network | exec } method1 global configuration command. Displaying the RADIUS Configuration ...

  • Cisco Systems 0L-11350-01 - page 108

    5-16 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 5 Administe ring the Access PointWire less Device Access Controlling Access Po int Access with TACACS+ authentication met hods are performed. The only e xception is the default method li st (which, b y coincidence, is named default ). The default metho ...

  • Cisco Systems 0L-11350-01 - page 109

    5-17 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 5 Administering t he Access PointWire less Device Access Controlling Access Po int Access with TACACS+ T o disable AAA, use the no aaa new-model global conf iguration command. T o disable AAA authentic ation, use the no aaa authentication login { defau ...

  • Cisco Systems 0L-11350-01 - page 110

    5-18 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 5 Administe ring the Access PointWire less Device Access Configuring Ethernet Speed and Duplex Settings Configuring Ethernet Speed and Duplex Settings Y ou ca n assign the wireless device Ethernet port speed and duplex setting s. Cisco recommen ds that ...

  • Cisco Systems 0L-11350-01 - page 111

    5-19 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 5 Administering t he Access PointWire less Device Access Configu ring the Access Po int for L ocal Authentica tion and Auth orization Configuring the Access Point for Local Authentication and Authorization Y ou can configure AAA to operate without a se ...

  • Cisco Systems 0L-11350-01 - page 112

    5-20 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 5 Administe ring the Access PointWire less Device Access Configuring the Authen tication Cache and Profile T o disable AAA, use the no aaa new-model global conf iguration command. T o disable authorization, use the no aaa authorization { network | ex e ...

  • Cisco Systems 0L-11350-01 - page 113

    5-21 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 5 Administering t he Access PointWire less Device Access Configuring the Authen tication Cache and Profile ! aaa group server tacacs+ tac_admin server 192.168.133.231 cache expiry 1 cache authorization profile admin_cache cache authentication profile a ...

  • Cisco Systems 0L-11350-01 - page 114

    5-22 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 5 Administe ring the Access PointWire less Device Access Configuring the Access Po int to Provide DHCP Service ! ip http server ip http authentication aaa no ip http secure-server ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/ ...

  • Cisco Systems 0L-11350-01 - page 115

    5-23 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 5 Administering t he Access PointWire less Device Access Configuring the Access Point to Pr ovide DHCP Service Note When you configure the access point as a DHCP server , it assigns IP addresses to de vices on its subnet. The de vices communicate with ...

  • Cisco Systems 0L-11350-01 - page 116

    5-24 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 5 Administe ring the Access PointWire less Device Access Configuring the Access Po int to Provide DHCP Service Use the no form of these commands to return to def ault settings. This exampl e shows ho w to configu re the wireless devi ce as a DHCP serve ...

  • Cisco Systems 0L-11350-01 - page 117

    5-25 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 5 Administering t he Access PointWire less Device Access Configuring th e Access Point for Secure Sh ell Clear Commands In pri vileged Exec mode, use the commands in Ta b l e 5 - 3 to clear DHCP server v aria bles. Debug Command T o enable DHCP server ...

  • Cisco Systems 0L-11350-01 - page 118

    5-26 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 5 Administe ring the Access PointWire less Device Access Configuring Client ARP Caching Note The SSH feature in this software releas e does not suppor t IP Security (IPSec). Configuring SSH Before conf iguring SSH, do wnload the crypto softwa re image ...

  • Cisco Systems 0L-11350-01 - page 119

    5-27 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 5 Administering t he Access PointWire less Device Access Managing the System Time and Date Configuring ARP Caching Beginni ng in pri vileged EXEC mod e, follow these steps to confi gure the wireless de vice to maintain an ARP cache for asso ciated clie ...

  • Cisco Systems 0L-11350-01 - page 120

    5-28 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 5 Administe ring the Access PointWire less Device Access Managing the System T ime and Date http://www .cisco.com/en/US/ tech/tk648/tk362/ technologies_tech_note09186a0080a23d02 .shtml If multiple serv ers are at the same stratum, a con f igured serv e ...

  • Cisco Systems 0L-11350-01 - page 121

    5-29 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 5 Administering t he Access PointWire less Device Access Managing the System Time and Date Beginning in privileged EXEC mode, follow these steps to set th e system clock: This exampl e show s how to manually set the system clock to 1: 32 p.m. on July 2 ...

  • Cisco Systems 0L-11350-01 - page 122

    5-30 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 5 Administe ring the Access PointWire less Device Access Managing the System T ime and Date The minutes-offset variable in the clock timezone global conf iguration command is av ailable for those cases where a local time zone is a percentage of an hour ...

  • Cisco Systems 0L-11350-01 - page 123

    5-31 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 5 Administering t he Access PointWire less Device Access Managing the System Time and Date The first part of the clock summer -time global conf iguration command specifies when su mmer time begins, and the second part specif ies when it ends. All times ...

  • Cisco Systems 0L-11350-01 - page 124

    5-32 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 5 Administe ring the Access PointWire less Device Access Defining HTTP Acc ess Defining HTTP Access By default, 80 is used fo r HTTP access, and port 443 is used for HTTPS access. These values can be customized by the user . Follow these steps to defi ...

  • Cisco Systems 0L-11350-01 - page 125

    5-33 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 5 Administering t he Access PointWire less Device Access Configuring a System Name and Prompt When you set the system name, it is also used as the system prompt. T o return to the default ho st name, use the no hostname global conf iguration command. U ...

  • Cisco Systems 0L-11350-01 - page 126

    5-34 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 5 Administe ring the Access PointWire less Device Access Configuring a System Name a nd Prompt Setting Up DNS Beginni ng in pri vileged EXEC mode, foll ow th ese steps to set up the wireless device to use the DNS: If you use the wireless de vice IP add ...

  • Cisco Systems 0L-11350-01 - page 127

    5-35 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 5 Administering t he Access PointWire less Device Access Creating a Banner T o remov e a domain name, use the no ip domain-name name global configuration command. T o remove a name server address, use the no ip name-server server-addr ess global conf i ...

  • Cisco Systems 0L-11350-01 - page 128

    5-36 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 5 Administe ring the Access PointWire less Device Access Creating a Ban ner Beginni ng in pri vileged EXEC mode, foll ow th ese steps to conf igure a MO TD login banner: T o delete the MO TD banner , use the no banner motd global conf iguration command ...

  • Cisco Systems 0L-11350-01 - page 129

    5-37 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 5 Administering t he Access PointWire less Device Access Upgrading Autonomo us Cisco Airone t Access Points to Lightweight Mode Configuring a Login Banner Y ou can configur e a login banner to appear on al l c onnected terminals. This banner appears af ...

  • Cisco Systems 0L-11350-01 - page 130

    5-38 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 5 Administe ring the Access PointWire less Device Access Migrating to Japan W52 Domain The following interface global conf iguration mode CLI command is us ed to migrate an access point 802.11a radio to the W52 d omain: dot11 migrate j52 w 52 After dis ...

  • Cisco Systems 0L-11350-01 - page 131

    5-39 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 5 Administering t he Access PointWire less Device Access Configuring Multiple VLAN and Rate Limiting for Point-to -Multipoint Bridging Verifying the Migration Use the show controllers command to conf irm the migration as shown i n this typical e xample ...

  • Cisco Systems 0L-11350-01 - page 132

    5-40 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 5 Administe ring the Access PointWire less Device Access Configuring Multiple VLAN and Rate Limiting for Po int-to-Multipoint Bridging In a typical scenario, multiple VLAN support pe rmits users to set u p point-to -multipoint b ridge links with remote ...

  • Cisco Systems 0L-11350-01 - page 133

    CH A P T E R 6-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 6 Configuring Radio Settings This chapter descri bes how to configure radio settin gs for the wireless de vice. This chapter includes these sections: • Enabling the Radio Interf ace, page 6-2 • Config uring the Role in Radio Net work, page 6-2 ...

  • Cisco Systems 0L-11350-01 - page 134

    6-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 6 Configuring Radio Settings Enabling the Radio Interface Enabling the Radio Interface The wireless de vice radios are disabled b y default. Note In Cisco IOS Release 12.3(8)J A there is no default SSID. Y ou must crea te a Radio Service Set Identifier ...

  • Cisco Systems 0L-11350-01 - page 135

    6-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 6 Configuring Radio Settings Configuring the Ro le in Radio Netw ork Y ou can a lso configure a fallback role for root access points. The wi reless de vice automatically assumes the fallback role when it s Ethernet port is disabled or disconnected from ...

  • Cisco Systems 0L-11350-01 - page 136

    6-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 6 Configuring Radio Settings Configuring the Role in Radio Network Step 3 station-role non-root {bridge | wireless- clients} rep e a te r root {access-point | ap-only | [bridge | wireless- clients] | [fallback | repeater | shutdo wn]} scanner workgr oup ...

  • Cisco Systems 0L-11350-01 - page 137

    6-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 6 Configuring Radio Settings Configuring D ual-Radio Fallback Note When you enable the role in the radio network as a Bridge/w orkg roup bridge and enable the interface using the no shut command, the physical status and t he software status of the i nte ...

  • Cisco Systems 0L-11350-01 - page 138

    6-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 6 Configuring Radio Settings Configuring Du al-Radio Fallb ack Note This feature is supported b y the dual-radio access poi nts such as AP1240, AP1230, and AP 1130. Note This feature does not affect the fa llbac k feature for single-radio acces s points ...

  • Cisco Systems 0L-11350-01 - page 139

    6-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 6 Configuring Radio Settings Configuri ng Radio Data R ates Bridge Features Not Supported The follo wing features are not supported when a 1200 or 1240 series access point is configured as a bridge: • Clear Channel Assessment (CCA) • Interoperabilit ...

  • Cisco Systems 0L-11350-01 - page 140

    6-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 6 Configuring Radio Settings Configuring Radio Data Rates to be made based on reso urces av ailable to the wirele ss project, type of traf fic th e users will be passing, service le vel desired, an d as always, the quality of the RF en vironment.When yo ...

  • Cisco Systems 0L-11350-01 - page 141

    6-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 6 Configuring Radio Settings Configuri ng Radio Data R ates Step 3 speed These option s are a v ailable for th e 802.11b, 2.4-GHz radio: {[ 1.0 ] [ 11.0 ] [ 2.0 ] [ 5.5 ] [ basic-1.0 ] [ basic-11.0 ] [ basic- 2.0 ] [ basic-5.5 ] | range | thro ughput } ...

  • Cisco Systems 0L-11350-01 - page 142

    6-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 6 Configuring Radio Settings Configuring Radio Tr ansmit Power Use the no form of the speed command to remov e one or more data rates from the conf iguration. This example sho ws how to remo ve data rates basic-2.0 and basic-5.5 from th e configu ratio ...

  • Cisco Systems 0L-11350-01 - page 143

    6-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 6 Configuring Radio Settings Configuring Ra dio Transmit Power Beginni ng in privile ged EXEC mode, follow these steps to set the transmit power on access point radios: Use the no form of the po wer command to return the po wer setting to maximum , the ...

  • Cisco Systems 0L-11350-01 - page 144

    6-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 6 Configuring Radio Settings Configuring Radio Tr ansmit Power Limiting the Power Level for Associated Client Devices Y ou can also limit the po wer le vel on client de vices that associate to the wireless de vice. When a client device associates to th ...

  • Cisco Systems 0L-11350-01 - page 145

    6-13 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 6 Configuring Radio Settings Configuring Radio Channel Settings Configuring Radio Channel Settings The default channel setting for the wireless de vice ra dios is least congested; at startup, th e wireless device scans for and selects the least-congest ...

  • Cisco Systems 0L-11350-01 - page 146

    6-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 6 Configuring Radio Settings Configuring Ra dio Channel Settings Ta b l e 6 - 3 shows the a v ailable channe ls and frequencies for the IEEE 802.11b 2.4-GHz radio. T able 6- 3 Channels and F requencies f or IEEE 802.1 1b 2.4 GHz Radio Ta b l e 6 - 4 sh ...

  • Cisco Systems 0L-11350-01 - page 147

    6-15 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 6 Configuring Radio Settings Configuring Radio Channel Settings T able 6-4 Channels and A v ailable F r equencies f or IEEE 802.1 1g 2.4 GHz Radio Ta b l e 6 - 5 shows the a vailable channels an d frequencies for the RM20A IEEE 802.1 1a radio T abl e 6 ...

  • Cisco Systems 0L-11350-01 - page 148

    6-16 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 6 Configuring Radio Settings Configuring Ra dio Channel Settings Ta b l e 6 - 6 shows the a vailable freque ncies for the RM21A and RM22A IEEE 802.11a 5-GHz radios. T abl e 6-6 Channels and A vai lable F r equencies f or th e RM21A and RM22A IEEE 802.1 ...

  • Cisco Systems 0L-11350-01 - page 149

    6-17 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 6 Configuring Radio Settings Configuring Radio Channel Settings Dynamic Frequency Selection Access points with 5-GHz radios configured at th e factory for use in the United States, Europe, Singapore, K orea, Japan, Israel, and T aiwan now comp ly with ...

  • Cisco Systems 0L-11350-01 - page 150

    6-18 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 6 Configuring Radio Settings Configuring Ra dio Channel Settings Prior to transmitt ing on any channels listed in Ta b l e 6 - 7 , the access point radio performs a Channel A vailability Check (CA C). The CA C is a 60 second scan for the presence of ra ...

  • Cisco Systems 0L-11350-01 - page 151

    6-19 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 6 Configuring Radio Settings Configuring Radio Channel Settings Uniform Spreading Required: Yes Current Frequency: 5300 MHz Channel 60 ( DFS enabled ) Current Frequency: 5300 MHz Channel 60 (DFS enabled) Allowed Frequencies: 5180(36) 5200(40) 5220(44) ...

  • Cisco Systems 0L-11350-01 - page 152

    6-20 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 6 Configuring Radio Settings Configuring Ra dio Channel Settings Blocking Channels from DFS Selection If your re gulatory domai n limits the channels th at you can use in specif ic locations- -for example, indoo rs or outdoors--you can block groups of ...

  • Cisco Systems 0L-11350-01 - page 153

    6-21 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 6 Configuring Radio Settings Configuring Location-Ba sed Services Configuring Location-Based Services This section descri bes how to conf igure location-ba sed services using the access point CLI. As with other access point features, you can use a WLSE ...

  • Cisco Systems 0L-11350-01 - page 154

    6-22 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 6 Configuring Radio Settings Enabling and Disa bling World Mo de In this e xample, the prof ile southside is enabled on the access point’ s 802.11g radio: ap# configure terminal ap(config)# dot11 lbs southside ap(dot11-lbs)# server-address 10.91.105. ...

  • Cisco Systems 0L-11350-01 - page 155

    6-23 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 6 Configuring Radio Settings Disabling and Enabling Short Radio Preambles network there. Cisco cl ient devices running firmware ve rsion 5.30.17 or later detect whether the wireless de vice is using 802.11d or Cisco le gacy world mode and automatically ...

  • Cisco Systems 0L-11350-01 - page 156

    6-24 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 6 Configuring Radio Settings Configuring Tr ansm it and Receive Antenna s • Long—A long pream ble ensures compatibility b etw een the wireless device and all early models of Cisco Aironet W ireless LAN Adapters (PC4800 an d PC4800A). If these clien ...

  • Cisco Systems 0L-11350-01 - page 157

    6-25 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 6 Configuring Radio Settings Enabling and D isabling Gratuitous Probe Re sponse Enabling and Disabling Gratuitous Probe Response Gratuitous Probe Response (GPR) ai ds in conservi ng bat tery pow er in dual mode phones that support cellular and WLAN mod ...

  • Cisco Systems 0L-11350-01 - page 158

    6-26 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 6 Configuring Radio Settings Disabling and Enabling Airon et Extensions The optional parameters can be conf igured independently or combined when you do not want to use the defaults, as sh own in the fo llowi ng examples: (config-if)# probe-response gr ...

  • Cisco Systems 0L-11350-01 - page 159

    6-27 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 6 Configuring Radio Settings Configuring the Ethernet Enc apsulation Transformation Method Use the dot11 extension aironet command to enable Aironet e xtensions if they are disabled. Configuring the Ethernet Encapsulation Transformation Method When the ...

  • Cisco Systems 0L-11350-01 - page 160

    6-28 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 6 Configuring Radio Settings Enabling and Disabli ng Public Secure Packet Forwardin g whether multicast packets reach the intended workgroup br idge, so workgroup brid ges at the edge of the wireless device's co verage area might lose IP connec ti ...

  • Cisco Systems 0L-11350-01 - page 161

    6-29 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 6 Configuring Radio Settings Enabling and Disabling Pu blic Secure Packet Forwa rding PSPF is disabled b y default. Be ginning in privil e ged EXEC mode, follo w th ese steps to enable PSPF: Use the no form of the command to disable PSPF . Configuring ...

  • Cisco Systems 0L-11350-01 - page 162

    6-30 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 6 Configuring Radio Settings Configuring the Be acon Period and the DTIM For detai led information on protected ports and por t blocking, refer to the “Conf iguring Port-Based T raff ic Control” chapter in the Catalyst 3550 Multi layer Switch Softw ...

  • Cisco Systems 0L-11350-01 - page 163

    6-31 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 6 Configuring Radio Settings Configuring the Maximum Data Retries Use the no form of the command to reset the R TS settings to defaults. Configuring the Maximum Data Retries The maximum data retries setting determines the nu mber of attempts the wirele ...

  • Cisco Systems 0L-11350-01 - page 164

    6-32 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 6 Configuring Radio Settings Enabling Short Slot Time for 802.11g Radios Use the no form of the command to reset the setting t o defaults. Enabling Short Slot Time for 802.11g Radios Y ou can increase throughput on the 802.11g, 2 .4-GHz radio by enabli ...

  • Cisco Systems 0L-11350-01 - page 165

    6-33 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 6 Configuring Radio Settings Viewing VoWLAN Metrics The Stream page appears. Step 4 Click the tab for the radio to co nfigure. Step 5 For both CoS 5 (V ideo) and CoS 6 (V o ice) user priorities, ch oose Lo w Latency f rom the Pack et Handling drop-do w ...

  • Cisco Systems 0L-11350-01 - page 166

    6-34 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 6 Configuring Radio Settings Viewing VoWLAN Metrics Viewing Voice Reports Y ou ca n use a browser to access voice reports listing V oWLAN me trics stored on a WLSE. Y ou can view reports for access point groups and for indi vidual access points. T o vi ...

  • Cisco Systems 0L-11350-01 - page 167

    6-35 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 6 Configuring Radio Settings Viewing VoWLAN Metrics • T o view a graph of v oice bandwidth in use during the last h our , choose Bandwidth In Use (% Allowed) from the Report Name drop-down menu. • T o view graph s of voice streams in pro gress, cho ...

  • Cisco Systems 0L-11350-01 - page 168

    6-36 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 6 Configuring Radio Settings Viewing VoWLAN Metrics Figur e 6-6 V oice Streaming Pr ogress Viewing Wireless Client Reports In addition to vie wing voice reports from an access point perspective, you can vie w them from a client perspective. F or e very ...

  • Cisco Systems 0L-11350-01 - page 169

    6-37 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 6 Configuring Radio Settings Viewing VoWLAN Metrics Figure 6-7 Wir eless Client Metr ics Viewing Voice Fault Summary The Faults > V oice Summary page in WLSE displays a summary of the faults detect ed with the follo wing voice fault types: • Exces ...

  • Cisco Systems 0L-11350-01 - page 170

    6-38 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 6 Configuring Radio Settings Viewing VoWLAN Metrics Figur e 6-8 V oice F ault Summary Configuring Voice QoS Settings Y ou can use WLSE’ s Faults > V oice QoS Settings scre en to def ine the v oice QoS thresholds for the follo wing parameters: • ...

  • Cisco Systems 0L-11350-01 - page 171

    6-39 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 6 Configuring Radio Settings Viewing VoWLAN Metrics T o view a summary of v oice faults, follo w these steps: Step 1 Log in to a WLSE. Step 2 Click the Fau l t s tab. Step 3 Click V oice QoS Settings . Step 4 T o change a setting, choose a ne w value f ...

  • Cisco Systems 0L-11350-01 - page 172

    6-40 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 6 Configuring Radio Settings Viewing VoWLAN Metrics Figure 6-1 0 F ault Settings ...

  • Cisco Systems 0L-11350-01 - page 173

    CH A P T E R 7-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 7 Configuring Multiple SSIDs This chapter describe s how to configure and manage multiple service set identif iers (SSIDs) on the access point. This chapter contains these sections : • Understanding Multiple SSIDs, page 7-2 • Config uring Multi ...

  • Cisco Systems 0L-11350-01 - page 174

    7-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 7 Config uring Multipl e SSIDs Understanding Multiple SSIDs Understanding Multiple SSIDs The SSID is a unique identif ier that wireless networ ki ng devices use to esta blish and maintain wireless connectivity . Multiple access points on a network or su ...

  • Cisco Systems 0L-11350-01 - page 175

    7-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 7 Configuring Multiple SSIDs Understanding Multiple SSI Ds Cisco IOS Release 12.3(7)J A supports confi guration of SSID parameters at the interface le vel on the CLI, but t he SSIDs are stored in global mode. Storing all SSI Ds in global mode ensures th ...

  • Cisco Systems 0L-11350-01 - page 176

    7-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 7 Config uring Multipl e SSIDs Configuring Multiple SSIDs Configuring Multiple SSIDs These sections contain conf iguration information for multip le SSIDs: • Default SSID Configu ration, page 7-4 • Creating an SSID Globally , page 7-4 • Using a RA ...

  • Cisco Systems 0L-11350-01 - page 177

    7-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 7 Configuring Multiple SSIDs Configuring Multiple SSIDs Note Y ou use the ssid command’ s authentication optio ns to conf igure an authenticatio n type for each SSID. See Chapter 9, “Configuring an Access Point as a Local Authenticator , ” for ins ...

  • Cisco Systems 0L-11350-01 - page 178

    7-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 7 Config uring Multipl e SSIDs Configuring Multiple SSIDs Note When you enable guest SSID mode for the 802.11 g radio it applies to the 802.11 b radio as well since 802.11b and 802.11g o perate in the same 2.4Ghz band. Use the no form of the command to ...

  • Cisco Systems 0L-11350-01 - page 179

    7-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 7 Configuring Multiple SSIDs Configuring Multiple Basic SSIDs SSID [buffalo ] : SSID [buffalo ] : Note This command sho ws only th e fi rst 15 characters of the SSID. Use the show dot11 associations client command to see SSIDs ha vi ng more than 15 char ...

  • Cisco Systems 0L-11350-01 - page 180

    7-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 7 Config uring Multipl e SSIDs Configuring Multiple Basic SSIDs Note Dev ices on your wir eless LAN that ar e conf igured to associate to a specific access point based on the access point MA C address (for example, client devi ces, repeaters, hot standb ...

  • Cisco Systems 0L-11350-01 - page 181

    7-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 7 Configuring Multiple SSIDs Configuring Multiple Basic SSIDs Figure 7 -1 Global SSID Manager P age Step 2 Enter the SSID name in the SSID fie l d . Step 3 Use the VLAN drop-do wn menu to select the VLAN to wh ich the SSID is assigned. Step 4 Select the ...

  • Cisco Systems 0L-11350-01 - page 182

    7-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 7 Config uring Multipl e SSIDs Configuring Multiple Basic SSIDs Step 7 (Optiona l) In the Mul tiple BSSI D B eacon Settings section, select the Set SSID as Guest Mode check box to include the SSID in beacons. Step 8 (Optional) T o increase the battery ...

  • Cisco Systems 0L-11350-01 - page 183

    7-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 7 Configuring Multiple SSIDs Assigning IP Redirection for a n SSID Assigning IP Redirection for an SSID When you conf igure IP redirectio n for an SSID, the access point redire cts all packets sent from c lient devices associated to that SSID to a spec ...

  • Cisco Systems 0L-11350-01 - page 184

    7-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 7 Config uring Multipl e SSIDs Assigning IP Redirection for an SSID Guidelines for Using IP Redirection K eep these guidelines in mind when using IP redirection: • The access point does not redire ct broadcast, unicas t, or multicast BO O TP/D HCP pa ...

  • Cisco Systems 0L-11350-01 - page 185

    7-13 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 7 Configuring Multiple SSIDs Including an SSID in an SSIDL IE Including an SSID in an SSIDL IE The access point beacon can adv e rtise only one broadcast SSID. H owe ver , you can use SSIDL information elements (SSIDL IEs) in the access point beacon to ...

  • Cisco Systems 0L-11350-01 - page 186

    7-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 7 Config uring Multipl e SSIDs NAC Support for MBSSID A client, based on its health (softw are version, viru s version, and so on) is placed on a separate VLAN that is specified to download t he require d software to upgrade the client to the softw are ...

  • Cisco Systems 0L-11350-01 - page 187

    7-15 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 7 Configuring Multiple SSIDs NAC Support for MBSSID Configuring NAC for MBSSID Note This feature supports only Layer 2 mobility within VLANs. Layer 3 mobili ty using network ID is not supported in this feature. Note Before you attempt to enable NA C fo ...

  • Cisco Systems 0L-11350-01 - page 188

    7-16 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 7 Config uring Multipl e SSIDs NAC Support for MBSSID authentication open authentication network-eap eap_methods ! dot11 ssid mktg vlan mktg-normal backup mktg-infected1, mktg-infected2, mktg-infected3 authentication open authentication network-eap eap ...

  • Cisco Systems 0L-11350-01 - page 189

    CH A P T E R 8-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 8 Configuring Spanning Tree Protocol This chapter descibes how to conf i gure Spanning T ree Protocol (STP) on your access point. This chapter contains these sections: • Understanding Spanning Tree Protocol, page 8-2 • Config uring STP Features ...

  • Cisco Systems 0L-11350-01 - page 190

    8-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 8 Configur ing Spanning Tree Protocol Understanding Spanning Tree Protocol Understanding Spanning Tree Protocol This section describes ho w spanning-tree features work. It includes this information: • STP Overvie w , page 8-2 • Access Point/Bridge P ...

  • Cisco Systems 0L-11350-01 - page 191

    8-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 8 Configuring Spanning T ree Protocol Understanding Spanning Tree Protocol The access point maintains a separate spanning-tree instance for each acti ve VL AN configured on it. A bridge ID, consistin g of the bridge priority and the access point MA C ad ...

  • Cisco Systems 0L-11350-01 - page 192

    8-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 8 Configur ing Spanning Tree Protocol Understanding Spanning Tree Protocol When a access point receiv es a conf iguration BPDU that contains superior information (lower access point ID, lo wer path cost, and so forth), it stores th e information for tha ...

  • Cisco Systems 0L-11350-01 - page 193

    8-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 8 Configuring Spanning T ree Protocol Understanding Spanning Tree Protocol Spanning-Tree Timers Ta b l e 8 - 1 describes the timers that af fect the entire spanning-tree performance. Creating the Spanning-Tree Topology In Figure 8-1 , bridge 4 is electe ...

  • Cisco Systems 0L-11350-01 - page 194

    8-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 8 Configur ing Spanning Tree Protocol Understanding Spanning Tree Protocol it can create temporary data loo ps. Interfaces mu st wait for ne w topology information to propagate through the LAN before startin g to forward frames. The y must allo w the fr ...

  • Cisco Systems 0L-11350-01 - page 195

    8-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 8 Configuring Spanning T ree Protocol Understanding Spanning Tree Protocol 2. While spanning tree w aits the forw ard-delay timer to e xpire, it moves the i nterface to the learn ing state and resets the forwar d-delay timer . 3. In the learning state, ...

  • Cisco Systems 0L-11350-01 - page 196

    8-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 8 Configur ing Spanning Tree Protocol Configuring STP Featur es Forwarding State An interface in the forwar ding state forwards frames . The interface enters the fo rwarding sta te from the learning state. An interface in the forw ardi ng state performs ...

  • Cisco Systems 0L-11350-01 - page 197

    8-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 8 Configuring Spanning T ree Protocol Configuring STP Features The radio and Ethernet interfaces and the nati ve VL AN on the access point are assigned to bridge gr oup 1 by def ault. When you enable STP and assign a priori ty on bridge group 1, STP is ...

  • Cisco Systems 0L-11350-01 - page 198

    8-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 8 Configur ing Spanning Tree Protocol Configuring STP Featur es STP Configuration Examples These configuration e xamples show ho w to enable STP on root a nd non-root access points with and without VLANs: • Root Bridge W ithout VLANs, page 8-10 • N ...

  • Cisco Systems 0L-11350-01 - page 199

    8-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 8 Configuring Spanning T ree Protocol Configuring STP Features end Non-Root Bridge Without VLANs This exampl e shows the conf iguration of a non-root bridge wi th no VLANs confi gured with STP enabled: hostname client-bridge-north ip subnet-zero ! brid ...

  • Cisco Systems 0L-11350-01 - page 200

    8-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 8 Configur ing Spanning Tree Protocol Configuring STP Featur es ip ssh authentication-retries 3 ! bridge irb ! interface Dot11Radio0 no ip address no ip route-cache ! ssid vlan1 vlan 1 infrastructure-ssid authentication open ! speed basic-6.0 9.0 12.0 ...

  • Cisco Systems 0L-11350-01 - page 201

    8-13 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 8 Configuring Spanning T ree Protocol Configuring STP Features bridge 1 route ip bridge 1 priority 9000 bridge 2 protocol ieee bridge 2 priority 10000 bridge 3 protocol ieee bridge 3 priority 3100 ! line con 0 exec-timeout 0 0 line vty 5 15 ! end Non-R ...

  • Cisco Systems 0L-11350-01 - page 202

    8-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 8 Configur ing Spanning Tree Protocol Displaying Spanning-Tr ee Status speed auto ! interface FastEthernet0.1 encapsulation dot1Q 1 native no ip route-cache bridge-group 1 ! interface FastEthernet0.2 encapsulation dot1Q 2 no ip route-cache bridge-group ...

  • Cisco Systems 0L-11350-01 - page 203

    8-15 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 8 Configuring Spanning T ree Protocol Displaying Spanning-Tre e Status ...

  • Cisco Systems 0L-11350-01 - page 204

    8-16 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 8 Configur ing Spanning Tree Protocol Displaying Spanning-Tr ee Status ...

  • Cisco Systems 0L-11350-01 - page 205

    CH A P T E R 9-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 9 Configuring an Access Point as a Local Authenticator This chapter describes how to config ure the access poin t as a local authenticator to serv e as a stand-alone authenticator for a small wireless LAN or to pro v ide backup authentication servi ...

  • Cisco Systems 0L-11350-01 - page 206

    9-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 9 Co nfiguring an Ac cess Point as a Local Authenticator Understanding Local Authentication Understanding Local Authentication Many smal l wireless LANs that could be made more secure with 802.1x authentication do not hav e access to a RADIUS server . O ...

  • Cisco Systems 0L-11350-01 - page 207

    9-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 9 Configuring an Access Point as a Local Authenticator Configuring a Local Au thenticator Guidelines for Local Authenticators Follo w these guidelines w hen configuring an access point as a local authenticator: • Use an access point that does not serv ...

  • Cisco Systems 0L-11350-01 - page 208

    9-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 9 Co nfiguring an Ac cess Point as a Local Authenticator Configuring a Lo cal Authenticator Step 3 radius-server local Enable the access point as a local authenticator and enter conf iguration mode for the authen ticator . Step 4 nas ip-addr ess key sha ...

  • Cisco Systems 0L-11350-01 - page 209

    9-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 9 Configuring an Access Point as a Local Authenticator Configuring a Local Au thenticator This example show s how to set up a local authenticat or used by three access points with three user groups and se veral users: AP# configure terminal AP(config)# ...

  • Cisco Systems 0L-11350-01 - page 210

    9-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 9 Co nfiguring an Ac cess Point as a Local Authenticator Configuring a Lo cal Authenticator AP(config-radsrv)# user 00095125d02b password 00095125d02b group cashiers AP(config-radsrv)# user 00079431f04a password 00079431f04a group cashiers AP(config-rad ...

  • Cisco Systems 0L-11350-01 - page 211

    9-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 9 Configuring an Access Point as a Local Authenticator Configuring a Local Au thenticator Each time the access point t ries to use the main serv ers while they are do wn, th e client device trying to authenticate might repor t an authentication timeout. ...

  • Cisco Systems 0L-11350-01 - page 212

    9-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 9 Co nfiguring an Ac cess Point as a Local Authenticator Configuring a Lo cal Authenticator In this example, the local authenticat or generates a P A C for the username joe , password-pro tects the file with the password bingo , sets the P AC t o expire ...

  • Cisco Systems 0L-11350-01 - page 213

    9-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 9 Configuring an Access Point as a Local Authenticator Configuring a Local Au thenticator Limiting the Local Authenticator to One Authentication Type By default, a local authenticator access poi nt performs LEAP , EAP-F AST , and MAC-based authenticatio ...

  • Cisco Systems 0L-11350-01 - page 214

    9-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 9 Co nfiguring an Ac cess Point as a Local Authenticator Configuring a Lo cal Authenticator Username Successes Failures Blocks nicky 0 0 0 jones 0 0 0 jsmith 0 0 0 Router#sh radius local-server statistics Successes : 1 Unknown usernames : 0 Client bloc ...

  • Cisco Systems 0L-11350-01 - page 215

    9-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 9 Configuring an Access Point as a Local Authenticator Configuring a Local Au thenticator Using Debug Messages In pri vileged ex ec mode, enter this command to contr ol the display of deb ug messages for the local authenticator: AP# debug radius local- ...

  • Cisco Systems 0L-11350-01 - page 216

    9-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 9 Co nfiguring an Ac cess Point as a Local Authenticator Configuring a Lo cal Authenticator ...

  • Cisco Systems 0L-11350-01 - page 217

    CH A P T E R 10-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 10 Configuring Cipher Suites and WEP This chapter describes ho w to conf igure the cipher su ites required to use WP A and CCKM authenticated ke y management, W ired Equiv a lent Pri vacy (WEP) , WEP features including AES, Message Integrity Check ...

  • Cisco Systems 0L-11350-01 - page 218

    10-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 10 Configurin g Cipher Suites and WEP Understanding Cipher Suites and WEP Understanding Cipher Suites and WEP This section descri bes how WEP and cipher suites protect t raff ic on your wireless LAN. Just as anyone with in range of a radio station can ...

  • Cisco Systems 0L-11350-01 - page 219

    10-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 10 Configuring Cipher Suites and WEP Configuring Ciph er Suites and WEP • TKIP (T emporal Ke y Integrit y Protocol)—TKIP is a suite of algorithms surrou nding WEP that is designed to ac hiev e the best possi ble security o n legacy hardware b ui lt ...

  • Cisco Systems 0L-11350-01 - page 220

    10-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 10 Configurin g Cipher Suites and WEP Configuring Cipher Suites a nd WEP Beginni ng in pri vile ged EXEC mode, follo w these st eps to create a WEP key and set the k ey properties: This example sh ows ho w to create a 128-bit WEP ke y in slot 3 for VLA ...

  • Cisco Systems 0L-11350-01 - page 221

    10-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 10 Configuring Cipher Suites and WEP Configuring Ciph er Suites and WEP WEP Key Restrictions T able 10-1 lists WEP key restrictions based on you r security configuration. Example WEP Key Setup T able 10-2 sho w s an example WEP k ey set up that would w ...

  • Cisco Systems 0L-11350-01 - page 222

    10-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 10 Configurin g Cipher Suites and WEP Configuring Cipher Suites a nd WEP Note If you enable MIC but you use static WEP (you do not enable an y type of EAP authentication), both the access point and any devices with whic h it co mmunicates must use the ...

  • Cisco Systems 0L-11350-01 - page 223

    10-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 10 Configuring Cipher Suites and WEP Configuring Ciph er Suites and WEP Use the no form of the encryption command to disable a cipher suite. This example sets up a cipher su ite for VLAN 22 that enables CKIP (unsupport ed), CMIC (unsupported), and 128- ...

  • Cisco Systems 0L-11350-01 - page 224

    10-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 10 Configurin g Cipher Suites and WEP Configuring Cipher Suites a nd WEP Beginni ng in pri vileged EXEC mode, foll ow th ese steps to enable broadcast k ey rotation: Use the no form of the encryption command to disable b roadcast key rot ation. This ex ...

  • Cisco Systems 0L-11350-01 - page 225

    CH A P T E R 11-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 11 Configuring Authentication Types This chapter descri bes how to configure authentica tion types on the access pointwireless device. This chapter contains these sections : • Understanding Authen tication T ypes, page 11-2 • Config uring Auth ...

  • Cisco Systems 0L-11350-01 - page 226

    11-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 11 Configurin g Authentication Types Understanding Authentication Types Understanding Authentication Types This section describes the authentication types that you can co nfigure on the access point. The authentication types are ti ed to the SSIDs that ...

  • Cisco Systems 0L-11350-01 - page 227

    11-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 11 Configuring Authentication Types Understanding Authentication Types Figur e 1 1 -1 Sequence for Open A uthent ication Shared Key Authentication to the Access Point Cisco provides shared k ey authenti cat ion to comply with the IEEE 802.11b standard. ...

  • Cisco Systems 0L-11350-01 - page 228

    11-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 11 Configurin g Authentication Types Understanding Authentication Types EAP Authentication to the Network This authentication t ype provides t he highest lev el of security for your wireless networ k. By using the Extensible A uthentica tion Proto col ...

  • Cisco Systems 0L-11350-01 - page 229

    11-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 11 Configuring Authentication Types Understanding Authentication Types There is more than one typ e of EAP authentication, b ut the access point behav es the same way f or each type: it re lays authen tication m ess ages from the wireless client de vic ...

  • Cisco Systems 0L-11350-01 - page 230

    11-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 11 Configurin g Authentication Types Understanding Authentication Types Figur e 1 1 -4 Sequence f or MAC-Based A uthentication Combining MAC-Based, EAP, and Open Authentication Y ou can set up the access point to authenticate c lient de vices using a c ...

  • Cisco Systems 0L-11350-01 - page 231

    11-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 11 Configuring Authentication Types Understanding Authentication Types Figure 11-5 sho ws the reassociation proce ss using CCKM. Figur e 1 1 -5 Client R eassociation Using CCKM Using WPA Key Management W i-Fi Protected Access is a standards-based , int ...

  • Cisco Systems 0L-11350-01 - page 232

    11-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 11 Configurin g Authentication Types Understanding Authentication Types Figure 11-6 sh ows the WP A key management process. Figure 1 1-6 WP A Key Manag ement Process Software and Firmware Requirements for WPA, CCKM, CKIP, and WPA-TKIP T able 11-1 lists ...

  • Cisco Systems 0L-11350-01 - page 233

    11-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 11 Configuring Authentication Types Understanding Authentication Types T o support the secur ity combinations in T able 11-1 , your Cisco Air onet access points and Cisco Aironet client de vices must run the follow ing software and fi rmware versions: ...

  • Cisco Systems 0L-11350-01 - page 234

    11-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 11 Configurin g Authentication Types Configuring Au thentication Types Note When you configure TKIP -only cipher encryp tion (not TKIP + WE P 128 or TKIP + WEP 40 ) on any radio interface o r VLAN, e very SSID on t hat radio or VLAN must be set to use ...

  • Cisco Systems 0L-11350-01 - page 235

    11-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 11 Configuring Authentication Types Configuring Aut hentication Types Step 3 authentication open [ mac-address list -name [ alter nate ]] [[ optional ] eap list-name ] (Optional) Set the authenticati on type to open for this SSID. Open authenticati on ...

  • Cisco Systems 0L-11350-01 - page 236

    11-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 11 Configurin g Authentication Types Configuring Au thentication Types Step 5 authentication network-eap list-name [ mac-address list -name ] (Optional) Set the authenticati on type for the SSID to Network-EAP . Using the Extensible Aut hentication Pr ...

  • Cisco Systems 0L-11350-01 - page 237

    11-13 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 11 Configuring Authentication Types Configuring Aut hentication Types Use the no form of the SSID commands to disable th e SSID or to disable SSID features. This exampl e sets the authentication t ype for the SSID batm an to Network- EAP with C CKM au ...

  • Cisco Systems 0L-11350-01 - page 238

    11-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 11 Configurin g Authentication Types Configuring Au thentication Types Configuring Additional WPA Settings Use two opti onal settings to conf ig ure a pre-shared key on the access point and adjust t he frequency o f group k ey updat es. Setting a Pre- ...

  • Cisco Systems 0L-11350-01 - page 239

    11-15 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 11 Configuring Authentication Types Configuring Aut hentication Types This exampl e show s how to config ure a pre-shared ke y for clients using WP A and static WEP , with group ke y update options: ap# configure terminal ap(config-if)# ssid batman ap ...

  • Cisco Systems 0L-11350-01 - page 240

    11-16 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 11 Configurin g Authentication Types Configuring Au thentication Types Use the no form of the dot11 aaa mac-authen f ilter-cache command t o disable MA C authentication caching. This example sho w s how to enable MA C authentication cac hing with a on ...

  • Cisco Systems 0L-11350-01 - page 241

    11-17 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 11 Configuring Authentication Types Configuring Aut hentication Types Use the no form of these commands to reset the v alues to default settings. Creating and Applying EAP Method Pr ofiles for the 802.1X Supplicant This section descri bes the optional ...

  • Cisco Systems 0L-11350-01 - page 242

    11-18 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 11 Configurin g Authentication Types Configuring Au thentication Types Creating an EAP Method Profile Beginni ng in pri vileged e xec mode, foll ow these st eps to defi ne a ne w EAP profil e: Use the no command to negate a command or set it s default ...

  • Cisco Systems 0L-11350-01 - page 243

    11-19 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 11 Configuring Authentication Types Matching Access Point and Clie nt Device Authentication Type s Applying an EAP Prof ile to an Uplink SSID This operation typical ly applies to repeater access points. Begi nning in the pri vileged ex ec mode, follow ...

  • Cisco Systems 0L-11350-01 - page 244

    11-20 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 11 Configurin g Authentication Types Matching Access Point a nd Client Device Au thentication Types LEAP authentication Enable LEAP Set up and enable WEP and enable Network-EAP for the SSID 1 EAP-F AST authentication Enab le EAP-F AST and enable autom ...

  • Cisco Systems 0L-11350-01 - page 245

    11-21 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 11 Configuring Authentication Types Matching Access Point and Clie nt Device Authentication Type s 802.1X authen tication and WP A Enable any 802.1X authentication method Select a cipher suite and enable Open authentication and WP A for the SSID (you ...

  • Cisco Systems 0L-11350-01 - page 246

    11-22 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 11 Configurin g Authentication Types Matching Access Point a nd Client Device Au thentication Types PEAP authentication If using ACU to config ure card Enable Host Based EAP and Use Dynamic WEP K eys in A CU and select Enable network access control us ...

  • Cisco Systems 0L-11350-01 - page 247

    CH A P T E R 12-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 12 Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection Services This chapter describes how to configure your access points for wireless domain services (WDS), fast, secure roaming of cli ent devices, radio mana ...

  • Cisco Systems 0L-11350-01 - page 248

    12-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 12 Configuring WD S, Fast Secure Roam ing, Radio Management, and Wi reless Intrusio n Detection Understanding WDS Understanding WDS When you conf igure W ireless Domain Services on your netwo rk, access points on your wirele ss LAN use the WDS device ( ...

  • Cisco Systems 0L-11350-01 - page 249

    12-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intr usion Detection Services Understanding Fast Secure Roaming Role of Access Points Using the WDS Device The access points on your wir eless LAN intera ct with the WDS device in ...

  • Cisco Systems 0L-11350-01 - page 250

    12-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 12 Configuring WD S, Fast Secure Roam ing, Radio Management, and Wi reless Intrusio n Detection Understanding Fast Secure Roaming Figur e 12-1 Client A u thentication Us ing a RADIUS Server When you conf igure your wireless LAN for fast, secure roamin ...

  • Cisco Systems 0L-11350-01 - page 251

    12-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intr usion Detection Services Understanding Radio Mana gement device. The WDS de vice forwards the client’ s cred entials to the new access point, and the ne w access point sends ...

  • Cisco Systems 0L-11350-01 - page 252

    12-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 12 Configuring WD S, Fast Secure Roam ing, Radio Management, and Wi reless Intrusio n Detection Understanding Wir eless Intrusion Detection Services Figur e 12-3 Requir ed Components for Lay er 3 Mobility Click this link to bro wse to the information p ...

  • Cisco Systems 0L-11350-01 - page 253

    12-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intr usion Detection Services Configuring WDS access points. The WLSE examines the BRIDG E MIB of each CDP-discovered switch to determine if they contain an y of the target MA C ad ...

  • Cisco Systems 0L-11350-01 - page 254

    12-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 12 Configuring WD S, Fast Secure Roam ing, Radio Management, and Wi reless Intrusio n Detection Configuring WDS • Config uring the Authentication Serv er to Support WDS, page 12-15 • Config uring WDS Only Mode, page 1 2-20 • V iewing WDS Informat ...

  • Cisco Systems 0L-11350-01 - page 255

    12-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intr usion Detection Services Configuring WDS Figure 12-4 sho ws the required configuration for each de vice that pa rticipates in WDS. Figure 12-4 Config urations on Devices Parti ...

  • Cisco Systems 0L-11350-01 - page 256

    12-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 12 Configuring WD S, Fast Secure Roam ing, Radio Management, and Wi reless Intrusio n Detection Configuring WDS On the access point that you want to conf igure as your primary WDS access point, follo w these steps to configure the access point as the ...

  • Cisco Systems 0L-11350-01 - page 257

    12-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intr usion Detection Services Configuring WDS Step 5 In the W ireless Domain Services Priority f ield, enter a priority number f rom 1 to 255 to set the priorit y of this WDS ca n ...

  • Cisco Systems 0L-11350-01 - page 258

    12-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 12 Configuring WD S, Fast Secure Roam ing, Radio Management, and Wi reless Intrusio n Detection Configuring WDS Figur e 12-7 WDS Server Gr oups P age Step 10 Create a group of serv ers to be used for 802.1x authentication f or the infrastructure de vi ...

  • Cisco Systems 0L-11350-01 - page 259

    12-13 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intr usion Detection Services Configuring WDS Step 14 Config ure the list of serv ers to be used for 802.1x authentication for cl ient de vices. Y ou can specify a separate list f ...

  • Cisco Systems 0L-11350-01 - page 260

    12-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 12 Configuring WD S, Fast Secure Roam ing, Radio Management, and Wi reless Intrusio n Detection Configuring WDS Configuring Access Points to use the WDS Device Follo w these steps to configure an access point to authenti cate through the WDS de vice a ...

  • Cisco Systems 0L-11350-01 - page 261

    12-15 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intr usion Detection Services Configuring WDS The access points that you configur e to interact with the WDS auto matically perform these steps: • Discov er and track the curren ...

  • Cisco Systems 0L-11350-01 - page 262

    12-16 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 12 Configuring WD S, Fast Secure Roam ing, Radio Management, and Wi reless Intrusio n Detection Configuring WDS Figur e 12-9 Netw or k Configuration P age Step 2 Click Add Entry unde r the AAA C lients tabl e. The Add AA A Client pa ge appears. Figure ...

  • Cisco Systems 0L-11350-01 - page 263

    12-17 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intr usion Detection Services Configuring WDS Figure 12-1 0 Add AAA Client P a ge Step 3 In the AAA Client Hostname f ield, enter the name of the WDS de vice. Step 4 In the AAA Cl ...

  • Cisco Systems 0L-11350-01 - page 264

    12-18 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 12 Configuring WD S, Fast Secure Roam ing, Radio Management, and Wi reless Intrusio n Detection Configuring WDS Figure 12-1 1 User Setup P age Step 10 Enter the name of the access point in the User field. Step 11 Click Add/Edit . Step 12 Scroll do wn ...

  • Cisco Systems 0L-11350-01 - page 265

    12-19 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intr usion Detection Services Configuring WDS Figure 12-12 A CS User Setup Bo x Step 13 Select CiscoSecure Database from the P assword Authenti cation drop-do w n menu. Step 14 In ...

  • Cisco Systems 0L-11350-01 - page 266

    12-20 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 12 Configuring WD S, Fast Secure Roam ing, Radio Management, and Wi reless Intrusio n Detection Configuring WDS Step 17 Browse to the System Co nfiguration page , click Service Control , and restart A CS to apply your entries. Figure 12-13 sho ws the ...

  • Cisco Systems 0L-11350-01 - page 267

    12-21 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intr usion Detection Services Configuring WDS Viewing WDS Information On the web-bro wser interface, bro wse to the W ireless Services Summary page to vie w a summary of WDS statu ...

  • Cisco Systems 0L-11350-01 - page 268

    12-22 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 12 Configuring WD S, Fast Secure Roam ing, Radio Management, and Wi reless Intrusio n Detection Configuring Fast Secu re Roaming Using Debug Messages In pri vileged ex ec mode, use these deb ug commands to control the display of deb ug messages for de ...

  • Cisco Systems 0L-11350-01 - page 269

    12-23 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intr usion Detection Services Configuring Fast Secure Roaming Configuring Access Points to Support Fast Secure Roaming T o support fast, secure roami ng, the access points on your ...

  • Cisco Systems 0L-11350-01 - page 270

    12-24 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 12 Configuring WD S, Fast Secure Roam ing, Radio Management, and Wi reless Intrusio n Detection Configuring Fast Secu re Roaming Figure 12-15 Global SSID Ma nager P age Step 6 On the SSID that suppor ts CCKM, select these settings: b. If your access p ...

  • Cisco Systems 0L-11350-01 - page 271

    12-25 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intr usion Detection Services Configuring Management Fra me Protection d. Select Mandatory or Optional under Authenticate d Ke y Manage ment. If you select Mandatory , only client ...

  • Cisco Systems 0L-11350-01 - page 272

    12-26 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 12 Configuring WD S, Fast Secure Roam ing, Radio Management, and Wi reless Intrusio n Detection Management Frame Protection Infrastructure MFP provides Inf rastr ucture support. Infrast ructure MFP utilizes a message inte grity check (MIC) across broa ...

  • Cisco Systems 0L-11350-01 - page 273

    12-27 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intr usion Detection Services Management Frame Protection Client MFP can be configured as either requi red or optional for a particular SSID. T o conf igure Client MFP as required ...

  • Cisco Systems 0L-11350-01 - page 274

    12-28 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 12 Configuring WD S, Fast Secure Roam ing, Radio Management, and Wi reless Intrusio n Detection Management Frame Protection Beginni ng in pri vileged EXEC mode, foll ow th ese steps to conf igure the WDS: Step 3 dot11 ids mfp detector Configures the a ...

  • Cisco Systems 0L-11350-01 - page 275

    12-29 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intr usion Detection Services Configuring Radio M anagement Configuring Radio Management *When you conf igure access points on you r wireless LAN to use WDS, the access points aut ...

  • Cisco Systems 0L-11350-01 - page 276

    12-30 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 12 Configuring WD S, Fast Secure Roam ing, Radio Management, and Wi reless Intrusio n Detection Configuring Radio Management Figure 12-1 7 WDS/WNM General Set up P age Step 4 Check the Configur e W ireless Network Manager check box. Step 5 In the W ir ...

  • Cisco Systems 0L-11350-01 - page 277

    12-31 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intr usion Detection Services Configuring Access Points to Participate in WIDS Configuring Access Points to Participate in WIDS T o participate in WIDS, ac cess points must be con ...

  • Cisco Systems 0L-11350-01 - page 278

    12-32 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 12 Configuring WD S, Fast Secure Roam ing, Radio Management, and Wi reless Intrusio n Detection Configuring Access Points to Participate in WIDS Displaying Monitor Mode Statistics Use the show wlccp a p rm monitor statisti cs global conf iguration com ...

  • Cisco Systems 0L-11350-01 - page 279

    12-33 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intr usion Detection Services Configuring WLSM Failover Configuring Monitor Mode Limits Y ou can configure threshold values that the access po int uses in monitor mode . When a th ...

  • Cisco Systems 0L-11350-01 - page 280

    12-34 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 12 Configuring WD S, Fast Secure Roam ing, Radio Management, and Wi reless Intrusio n Detection Configuring WLSM Failover tunnels, which k eeps data traf fic go ing between client and SUP . But because of the WLSM f ailure, the control traf fic going ...

  • Cisco Systems 0L-11350-01 - page 281

    CH A P T E R 13-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 13 Configuring RADIUS and TACACS+ Servers This chapter describes ho w to enable and configur e the Remote Authen ticati on Dial-In Use r Service (RADIUS) and T erminal Access Cont roller Access Control System Pl u s ( T AC AC S + ) , t h a t p r o ...

  • Cisco Systems 0L-11350-01 - page 282

    13-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 13 Config uring RADIUS a nd TACACS+ Servers Configuring and En abling RADIUS Configuring and Enabling RADIUS This section descri bes how to conf igure and en able RADI US. These section s describe RADI US configuration: • Understanding RADIUS, page 1 ...

  • Cisco Systems 0L-11350-01 - page 283

    13-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 13 Configuring RADIUS and TACACS+ Servers Configuring and Enab ling RADIUS RADIUS Operation When a wireless user attempts to log in and auth enticate to an access point whose access is controlle d by a RADIUS server , authentication to th e network occ ...

  • Cisco Systems 0L-11350-01 - page 284

    13-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 13 Config uring RADIUS a nd TACACS+ Servers Configuring and En abling RADIUS Configuring RADIUS This section d escribes ho w to conf igure yo ur access point to su pport RADIUS. At a minimum, you must identify the host or hosts that run the RADIUS serv ...

  • Cisco Systems 0L-11350-01 - page 285

    13-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 13 Configuring RADIUS and TACACS+ Servers Configuring and Enab ling RADIUS Identifying the RADIUS Server Host Access point-to-RADIUS-server communi cation in volv es sev eral components: • Host name or IP address • Authentication destinati on port ...

  • Cisco Systems 0L-11350-01 - page 286

    13-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 13 Config uring RADIUS a nd TACACS+ Servers Configuring and En abling RADIUS Command Purpose Step 1 configur e terminal Enter global conf iguration mode. Step 2 aaa new-model Enable AAA. Step 3 radius-server host { hostname | ip-addr ess } [ auth-port ...

  • Cisco Systems 0L-11350-01 - page 287

    13-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 13 Configuring RADIUS and TACACS+ Servers Configuring and Enab ling RADIUS T o remove the specified RADIUS server , use the no radius-server host hostname | ip-addr ess global confi guration command. This example shows ho w to configure one RADIUS serv ...

  • Cisco Systems 0L-11350-01 - page 288

    13-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 13 Config uring RADIUS a nd TACACS+ Servers Configuring and En abling RADIUS authenticate users; if t hat method fails to respond , the software selects the ne xt authentication method in the method list. This process continues until there is successf ...

  • Cisco Systems 0L-11350-01 - page 289

    13-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 13 Configuring RADIUS and TACACS+ Servers Configuring and Enab ling RADIUS T o disable AAA, use the no aaa new-model global conf iguration command. T o disable AAA authentic ation, use the no aaa authentication login { default | list-name } method1 [ m ...

  • Cisco Systems 0L-11350-01 - page 290

    13-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 13 Config uring RADIUS a nd TACACS+ Servers Configuring and En abling RADIUS Step 3 radius-server host { hostname | ip-addr ess } [ auth-port port-number ] [ acct-port port-number ] [ timeout seconds ] [ retransmit re t r i e s ] [ key string ] Specif ...

  • Cisco Systems 0L-11350-01 - page 291

    13-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 13 Configuring RADIUS and TACACS+ Servers Configuring and Enab ling RADIUS T o remove the specified RADIUS server , use the no radius-server host hostname | ip-addr ess global confi guration command. T o remov e a server group from t he configurati on ...

  • Cisco Systems 0L-11350-01 - page 292

    13-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 13 Config uring RADIUS a nd TACACS+ Servers Configuring and En abling RADIUS Beginni ng in pri vileged EXEC mode, follo w these steps to specify RADIUS authorization for pri vileged EXEC access and network services: T o disable authorization, use the ...

  • Cisco Systems 0L-11350-01 - page 293

    13-13 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 13 Configuring RADIUS and TACACS+ Servers Configuring and Enab ling RADIUS Note When WDS is configured, PoD requ ests should be directed to the WDS. The WDS forwards the disassociation request to the parent access point and th en pur ges the session f ...

  • Cisco Systems 0L-11350-01 - page 294

    13-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 13 Config uring RADIUS a nd TACACS+ Servers Configuring and En abling RADIUS T o disable accounting, use t he no aaa accounting { network | exec } { start-stop } method 1... global confi guration command. Selecting the CSID Format Y ou can select the ...

  • Cisco Systems 0L-11350-01 - page 295

    13-15 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 13 Configuring RADIUS and TACACS+ Servers Configuring and Enab ling RADIUS Configuring Settings fo r All RADIUS Servers Beginni ng in pri vileged EXEC mod e, follow these steps to conf igure global communication settings between the acc ess point and ...

  • Cisco Systems 0L-11350-01 - page 296

    13-16 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 13 Config uring RADIUS a nd TACACS+ Servers Configuring and En abling RADIUS This ex ample sho ws ho w to set up tw o main serv ers and a local authen ticator with a server deadtime of 10 minutes: AP(config)# aaa new-model AP(config)# radius-server ho ...

  • Cisco Systems 0L-11350-01 - page 297

    13-17 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 13 Configuring RADIUS and TACACS+ Servers Configuring and Enab ling RADIUS For a complete list of RADIUS attribut es or more information about VSA 26, refer to the “RADIUS Attrib utes” appendix in the Cisco I OS Security Conf iguration Guide for R ...

  • Cisco Systems 0L-11350-01 - page 298

    13-18 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 13 Config uring RADIUS a nd TACACS+ Servers Configuring and En abling RADIUS T o delete the vendor -proprietary RADIUS host, use the no radius-server host { hostname | ip-addr ess } non-standard global conf iguration command. T o disable the key , us ...

  • Cisco Systems 0L-11350-01 - page 299

    13-19 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 13 Configuring RADIUS and TACACS+ Servers Configuring and Enab ling RADIUS Beginning in priv ileged EXEC mode, foll ow these st eps to specify WISPr RADIUS attrib utes on the access point: This exampl e show s how to conf igur e the WISPr location-nam ...

  • Cisco Systems 0L-11350-01 - page 300

    13-20 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 13 Config uring RADIUS a nd TACACS+ Servers Configuring and En abling RADIUS RADIUS Attributes Sent by the Access Point T able 13-2 through T a ble 13-6 identify the attributes sent by an a ccess point to a client in access-request, access-accept, and ...

  • Cisco Systems 0L-11350-01 - page 301

    13-21 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 13 Configuring RADIUS and TACACS+ Servers Configuring and Enab ling RADIUS T able 13-4 Attr ibutes Sent in Accounting-Request (star t) Pac kets Attribute ID Description 1U s e r - N a m e 4 N AS-IP-Address 5N A S - P o r t 6 Service-T ype 25 Class 41 ...

  • Cisco Systems 0L-11350-01 - page 302

    13-22 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 13 Config uring RADIUS a nd TACACS+ Servers Configuring and En abling RADIUS Note By default, the access point sends reauthentication requests to the authentication serv er with the service-type attrib ute set to authenticate -only . Ho we ver , some ...

  • Cisco Systems 0L-11350-01 - page 303

    13-23 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 13 Configuring RADIUS and TACACS+ Servers Configuring and Enabling T ACACS+ Configuring and Enabling TACACS+ This section contains this conf iguration informat ion: • Understanding T ACA CS+, page 13-23 • T A CA CS+ Operation, page 13-24 • Confi ...

  • Cisco Systems 0L-11350-01 - page 304

    13-24 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 13 Config uring RADIUS a nd TACACS+ Servers Configuring and Enablin g TACACS+ TACACS+ Operation When an administrator attempts a simple ASCII login by authenti cating to an access point using T A CA CS+, this process occurs: 1. When the connection i s ...

  • Cisco Systems 0L-11350-01 - page 305

    13-25 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 13 Configuring RADIUS and TACACS+ Servers Configuring and Enabling T ACACS+ This section contains this conf iguration informat ion: • Default T A CA CS+ Configuration, page 13-25 • Identifying t he T A CA CS+ Server Host and Setting the A uthentic ...

  • Cisco Systems 0L-11350-01 - page 306

    13-26 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 13 Config uring RADIUS a nd TACACS+ Servers Configuring and Enablin g TACACS+ T o remove the specif ied T A CA CS+ server name or address, use the no tacacs-s erver host hostname global conf iguration command. T o remov e a server gr oup from the conf ...

  • Cisco Systems 0L-11350-01 - page 307

    13-27 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 13 Configuring RADIUS and TACACS+ Servers Configuring and Enabling T ACACS+ T o disable AAA, use the no aaa new-model global conf iguration command. T o disable AAA authentic ation, use the no aaa authentication login { default | list-name } method1 [ ...

  • Cisco Systems 0L-11350-01 - page 308

    13-28 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 13 Config uring RADIUS a nd TACACS+ Servers Configuring and Enablin g TACACS+ The aaa authoriza tion exec taca cs+ local command sets these au thorization parameters: • Use T A CACS+ for privile ged EXEC access authorization if authentication w as p ...

  • Cisco Systems 0L-11350-01 - page 309

    13-29 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 13 Configuring RADIUS and TACACS+ Servers Configuring and Enabling T ACACS+ T o disable accounting, use t he no aaa accounting { network | exec } { start-stop } method1... global confi guration command. Displaying the TACACS+ Configuration T o display ...

  • Cisco Systems 0L-11350-01 - page 310

    13-30 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 13 Config uring RADIUS a nd TACACS+ Servers Configuring and Enablin g TACACS+ ...

  • Cisco Systems 0L-11350-01 - page 311

    CH A P T E R 14-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 14 Configuring VLANs This chapter describes how to configure your access point to operate with the VLANs set up on your wired LAN in the follo wing sections:. These sections descr ibe how t o confi gure your access point to support VLAN s: • Und ...

  • Cisco Systems 0L-11350-01 - page 312

    14-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 14 Configuring VLA Ns Understanding VLANs Understanding VLANs A VLAN is a swit ched network t hat is logically segmented, b y functions, pro ject teams, or applications rather than on a physical or geographical basis. F or exampl e, all workstations an ...

  • Cisco Systems 0L-11350-01 - page 313

    14-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 14 Configuring VLANs Understanding VLANs Figur e 14-1 LAN and VLAN Segmentation with Wir eless Devices Related Documents These documents prov ide more detailed informati on p ertaining to VLAN d esign and conf iguration: • Cisco IOS Switchi ng Servic ...

  • Cisco Systems 0L-11350-01 - page 314

    14-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 14 Configuring VLA Ns Configuring VLANs Incorporating Wireless Devices into VLANs The basic wireless componen ts of a VLAN consist of an access point and a client associated to it using wireless technology . The access point is physically co nnected th ...

  • Cisco Systems 0L-11350-01 - page 315

    14-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 14 Configuring VLANs Configuri ng VLANs Configuring a VLAN Note When you confi gure VLANs on access points, th e Na ti ve VLAN must be V LAN1. In a single architecture, client traff ic received b y the access po int is tunneled through an IP-GRE tunnel ...

  • Cisco Systems 0L-11350-01 - page 316

    14-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 14 Configuring VLA Ns Configuring VLANs Step 3 ssid ssid-string Create an SSID and enter SSID configuration mode for the new SSID. The SSID can consist of up t o 32 alphanumeric characters. SSI Ds are case sensiti ve. The SSID can consist of up to 32 a ...

  • Cisco Systems 0L-11350-01 - page 317

    14-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 14 Configuring VLANs Configuri ng VLANs This example sho ws how to: • Name an SSID • Assign the SSID to a V LAN • Enable the VLAN on the radio and Ethernet ports as the na tiv e VLAN ap1200Router# configure terminal ap1200Router(config)# interfac ...

  • Cisco Systems 0L-11350-01 - page 318

    14-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 14 Configuring VLA Ns Configuring VLANs Creating a VLAN Name Beginning in priv ileged EXEC mode, foll ow these steps to assign a name to a VLAN: Use the no form of the command to remov e the name from the VLAN. Use the show dot11 vlan-name priv ileged ...

  • Cisco Systems 0L-11350-01 - page 319

    14-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 14 Configuring VLANs Configuri ng VLANs Using a RADIUS Server for Dynamic Mobility Group Assignment Y ou can configure a RADIUS server to dynamic ally assi gn mobility gro ups to users or user gr oups. This eliminates the need to conf igure multiple SS ...

  • Cisco Systems 0L-11350-01 - page 320

    14-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 14 Configuring VLA Ns VLAN Configuratio n Example Virtual-Dot11Radio0 Protocols Configured: Address: Received: Transmitted: Bridging Bridge Group 1 201688 0 Bridging Bridge Group 1 201688 0 Bridging Bridge Group 1 201688 0 Virtual LAN ID: 2 (IEEE 802. ...

  • Cisco Systems 0L-11350-01 - page 321

    14-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 14 Configuring VLANs VLAN Configuratio n Example 4. Configure VLAN 1, the Management VLAN, on both the fastEthernet and do t11radio interfaces on the access point. Y ou should make this VLAN the nati ve VLAN. 5. Config ure VLANs 2 and 3 on both the f ...

  • Cisco Systems 0L-11350-01 - page 322

    14-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 14 Configuring VLA Ns VLAN Configuratio n Example T able 14-3 sho w s the results of the con figur ation commands in T able 14-2 . Use the show running command to display th e running conf igurati on on the access point. Notice that when yo u configur ...

  • Cisco Systems 0L-11350-01 - page 323

    14-13 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 14 Configuring VLANs VLAN Configuratio n Example ...

  • Cisco Systems 0L-11350-01 - page 324

    14-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 14 Configuring VLA Ns VLAN Configuratio n Example ...

  • Cisco Systems 0L-11350-01 - page 325

    CH A P T E R 15-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 15 Configuring QoS This chapter describes how to conf igure quality of se rvice (QoS) on your access point. W ith this feature, you can provide preferential treatment to certain traff i c at the expense of others. W ithout QoS, the access point of ...

  • Cisco Systems 0L-11350-01 - page 326

    15-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 15 Configuring QoS Understanding Qo S for Wireless LANs Understanding QoS for Wireless LANs T ypically , networks operate on a best-ef fort deli very ba sis, which means that all traf fic has equal priority and an equal chance of being deli vered in a ...

  • Cisco Systems 0L-11350-01 - page 327

    15-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 15 Configuring QoS Understanding QoS for Wireless LANs QoS on the wireless LAN focuses on do wnstream prioritization from the access point. Figur e 15-1 sho ws the upstream and downstream traf fic flo w . Figur e 15-1 Upstr eam and Downstr eam T raf fi ...

  • Cisco Systems 0L-11350-01 - page 328

    15-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 15 Configuring QoS Understanding Qo S for Wireless LANs Note This release continues to support e xisting 7920 wireless ph one fi rmware. Do not attempt to use the ne w standard (IEEE 802.11e draft 13) QBSS Load IE with the 7920 W ireless Phone until ne ...

  • Cisco Systems 0L-11350-01 - page 329

    15-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 15 Configuring QoS Configuri ng QoS Configuring QoS QoS is disabled by def ault (ho wev er , the radio interface always honors tagged 802.1P packets e ven when you have not configured a QoS policy). This section de scribes how to configure QoS on your ...

  • Cisco Systems 0L-11350-01 - page 330

    15-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 15 Configuring QoS Configuring QoS Figur e 15-2 QoS P olicies Pag e Step 3 Wi t h <NEW> selected in the Create/Edit Po licy f ield, ty pe a name for the QoS policy in th e Policy Name entry f ield. The name can contain up to 25 alphanumer ic char ...

  • Cisco Systems 0L-11350-01 - page 331

    15-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 15 Configuring QoS Configuri ng QoS Step 4 If the packets that you need to pr ioritize contain IP preceden ce information in the IP header TOS field, select an IP precedence classification from the IP Precedence drop-down menu. Menu selection s include ...

  • Cisco Systems 0L-11350-01 - page 332

    15-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 15 Configuring QoS Configuring QoS • Assured Forw arding — Class 4 High • Class Selector 1 • Class Selector 2 • Class Selector 3 • Class Selector 4 • Class Selector 5 • Class Selector 6 • Class Selector 7 • Expedited Forwarding Step ...

  • Cisco Systems 0L-11350-01 - page 333

    15-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 15 Configuring QoS Configuri ng QoS Step 18 Use the Apply Policies to Interface/VLANs drop-d own menus to apply policies to the access point Ethernet and radio ports. If VLANs are configured on the access point, drop-down menus for each VLANs’ virtua ...

  • Cisco Systems 0L-11350-01 - page 334

    15-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 15 Configuring QoS Configuring QoS IGMP Snooping When Internet Group Membership Protocol (IGMP) snooping is enabled on a switch an d a client roams from one access poin t to another , the clients’ mul ticast session is dropped. When the access point ...

  • Cisco Systems 0L-11350-01 - page 335

    15-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 15 Configuring QoS Configuri ng QoS Figure 15-4 sho ws t he Radio Acc ess Categories page. Dual-radi o access point s have a Radio Access Categories page fo r each radio. Figur e 15-4 Radio A ccess Categ or ies P a ge T able 15-1 D ef ault QoS Radio A ...

  • Cisco Systems 0L-11350-01 - page 336

    15-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 15 Configuring QoS Configuring QoS Note In this release, clients are bloc ked from using an access category when you select Enable for Admission Control. Optimized Voice Settings Using the Admi ssion Control check box es, you can cont rol client use o ...

  • Cisco Systems 0L-11350-01 - page 337

    15-13 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 15 Configuring QoS QoS Configuration Examp les Enabling Admission Control This section descri bes how to enable admission control on an SSID. For a list of Ci sco IOS commands for enabling admission control usi ng the CLI, consult the Cisco IOS Comman ...

  • Cisco Systems 0L-11350-01 - page 338

    15-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 15 Configuring QoS QoS Configuration Ex amples Figure 15-5 QoS Policies P age f or V oice Example The network admin istrat or also enables the QoS element for wir eless phones settin g on the Qo S Policies - Adv anced page. This setting gi ves priorit ...

  • Cisco Systems 0L-11350-01 - page 339

    15-15 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 15 Configuring QoS QoS Configuration Examp les Figure 15-6 QoS Policies P age for Video Example ...

  • Cisco Systems 0L-11350-01 - page 340

    15-16 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 15 Configuring QoS QoS Configuration Ex amples ...

  • Cisco Systems 0L-11350-01 - page 341

    CH A P T E R 16-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 16 Configuring Filters This chapter describe s how to configure and manage MA C address, IP , an d Ethertype filters on the access point using the we b-browser i nterface . This chapter contains these sections: • Understanding Filters, page 16-2 ...

  • Cisco Systems 0L-11350-01 - page 342

    16-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 16 Configuring Filters Understanding Filte rs Understanding Filters Protocol filters (IP protocol , IP port, and Ethert ype) prevent or allo w the use of specific protocols through the acc ess point’ s Ethernet an d radio ports. Y ou can set u p indi ...

  • Cisco Systems 0L-11350-01 - page 343

    16-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 16 Configuring Fi lters Configuring Filters Using the Web-Browser Interface Configuring Filters Using the Web-Browser Interface This section descri bes how to config ure and enable f ilters using the web-bro wser interface. Y ou complete two steps to c ...

  • Cisco Systems 0L-11350-01 - page 344

    16-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 16 Configuring Filters Configuring Filters Usi ng the Web-Browser Interface Figure 16-1 MAC Addr ess Filters P age Follo w this link path to reach the Address Filters page: 1. Click Services in the page na vigation bar . 2. In the Services page list, c ...

  • Cisco Systems 0L-11350-01 - page 345

    16-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 16 Configuring Fi lters Configuring Filters Using the Web-Browser Interface Step 5 Use the Mask entry field to indicate ho w many bi ts, from left to rig ht, the f ilter checks against t he MA C address. For e xample, to require an exact matc h with th ...

  • Cisco Systems 0L-11350-01 - page 346

    16-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 16 Configuring Filters Configuring Filters Usi ng the Web-Browser Interface If clients are not f iltered immediately , click Reload on the Sy stem Conf iguration page to restart the access point. T o reach the Syst em Configuration page, click System S ...

  • Cisco Systems 0L-11350-01 - page 347

    16-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 16 Configuring Fi lters Configuring Filters Using the Web-Browser Interface Step 3 Click Advanced Security to bro wse to the Adv anced Security: MA C Address Authentication page. Figure 16-4 sho ws the MAC Address Authentication page. Figur e 16-4 A dv ...

  • Cisco Systems 0L-11350-01 - page 348

    16-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 16 Configuring Filters Configuring Filters Usi ng the Web-Browser Interface Step 6 Click A pply . ACL Logging A CL logging is not supported on the br idging interfaces of AP plat forms. When applied on bridging interface, it wi ll work as if con figure ...

  • Cisco Systems 0L-11350-01 - page 349

    16-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 16 Configuring Fi lters Configuring Filters Using the Web-Browser Interface Figure 16-6 I P Filters P age Follo w this link path to reach the IP Filters page: 1. Click Services in the page na vigation bar . 2. In the Services page list, click Filters . ...

  • Cisco Systems 0L-11350-01 - page 350

    16-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 16 Configuring Filters Configuring Filters Usi ng the Web-Browser Interface Creating an IP Filter Follo w these steps to create an IP fil ter: Step 1 Follo w the link path to the IP Filters page. Step 2 If you are creating a new f i lter , make sure & ...

  • Cisco Systems 0L-11350-01 - page 351

    16-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 16 Configuring Fi lters Configuring Filters Using the Web-Browser Interface Step 15 When the f ilter is complete, click Appl y . The filter is sav ed on the access point, but it is not enabled until you apply i t on the Apply Filters page. Step 16 Cli ...

  • Cisco Systems 0L-11350-01 - page 352

    16-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 16 Configuring Filters Configuring Filters Usi ng the Web-Browser Interface Figure 16-8 Ethertype Filters P age Follo w this link path to reach the Ethertype Fi lters page: 1. Click Services in the page na vigation bar . 2. In the Services page list, ...

  • Cisco Systems 0L-11350-01 - page 353

    16-13 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 16 Configuring Fi lters Configuring Filters Using the Web-Browser Interface Step 7 Click Add . The Ethertype appears in the Filters Classes fi eld. T o remove the Ethertype from the Filters Classes list, select it and click Delete C lass . Repeat Step ...

  • Cisco Systems 0L-11350-01 - page 354

    16-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 16 Configuring Filters Configuring Filters Usi ng the Web-Browser Interface ...

  • Cisco Systems 0L-11350-01 - page 355

    CH A P T E R 17-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 17 Configuring CDP This chapter describes ho w to configure Cisco Disco very Protocol (CDP) on your access point . Note For complete syntax and usage in formation for the co mmands used in this chap ter , refer to the Cisco Air one t 1200 Series A ...

  • Cisco Systems 0L-11350-01 - page 356

    17-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 17 Configur ing CDP Understanding CDP Understanding CDP Cisco Discov ery Protocol (CDP) is a de vice-disco v ery protocol that runs on all Cisco netw ork equipment. Each de vice sends identifying messages to a multicast address, and e ach device monito ...

  • Cisco Systems 0L-11350-01 - page 357

    17-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 17 Configuring CDP Configuring CDP Use the no form of the CDP commands to return to the def ault settings. This exampl e show s how to conf igur e and verify CDP characteristics: AP# configure terminal AP(config)# cdp holdtime 120 AP(config)# cdp timer ...

  • Cisco Systems 0L-11350-01 - page 358

    17-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 17 Configur ing CDP Monitoring a nd Maintaining CDP This e xample sho ws how to en able CDP . AP# configure terminal AP(config)# cdp run AP(config)# end Disabling and Enabling CDP on an Interface CDP is enabled b y default on all suppo rted interfaces ...

  • Cisco Systems 0L-11350-01 - page 359

    17-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 17 Configuring CDP Monitoring an d Maintaining CDP Belo w are six e xamples of output from the CD P show pri vileged EXEC command s: AP# show cdp Global CDP information: Sending CDP packets every 50 seconds Sending a holdtime value of 120 seconds AP# s ...

  • Cisco Systems 0L-11350-01 - page 360

    17-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 17 Configur ing CDP Monitoring a nd Maintaining CDP Device ID: idf2-1-lab-l3.cisco.com Entry address(es): IP address: 10.1.1.10 Platform: cisco WS-C3524-XL, Capabilities: Trans-Bridge Switch Interface: GigabitEthernet0/1, Port ID (outgoing port): FastE ...

  • Cisco Systems 0L-11350-01 - page 361

    17-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 17 Configuring CDP Monitoring an d Maintaining CDP AP# show cdp neighbor Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater Device IDLocal InterfaceHoldtmeCapabilityPlatformPort ID Perdi ...

  • Cisco Systems 0L-11350-01 - page 362

    17-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 17 Configur ing CDP Monitoring a nd Maintaining CDP ...

  • Cisco Systems 0L-11350-01 - page 363

    CH A P T E R 18-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 18 Configuring SNMP This chapter describe s how to configure the Simple Network Managemen t Protocol (SNM P) on your access point. Note For complete syntax and usage informati on for th e commands used in this ch apter , refer to the Cisco IOS Com ...

  • Cisco Systems 0L-11350-01 - page 364

    18-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 18 Configu ring SNMP Understanding SNMP Understanding SNMP SNMP is an appli cation-layer protocol that pr o vides a message format for communication between SNMP manage rs and agents. The SN MP mana ger can be part of a n etwork manageme nt system (N M ...

  • Cisco Systems 0L-11350-01 - page 365

    18-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 18 Configuring SNMP Understanding SNMP T able 18-1 lists the SNMP v ersions and security le vels supported on access points: For detailed infor mation on SN MPv3, click this link to browse to the Ne w F eatur e Documentation for Cisco IOS Release 12.0( ...

  • Cisco Systems 0L-11350-01 - page 366

    18-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 18 Configu ring SNMP Understanding SNMP SNMP Agent Functions The SNMP agent responds to SNMP manager request s as follows: • Get a MIB variable—The SNM P agent begins this fu nction in response t o a requ est from th e NMS. The agent retrie ves the ...

  • Cisco Systems 0L-11350-01 - page 367

    18-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 18 Configuring SNMP Configuring SNMP Configuring SNMP This section descri bes how to configu re SNMP on your access point. It contains t his configurat ion inform ation : • Default SNMP Conf iguration, page 18-5 • Enabling the SNMP Agent, page 18-5 ...

  • Cisco Systems 0L-11350-01 - page 368

    18-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 18 Configu ring SNMP Configuring SNMP Configuring Community Strings Y ou use the SNMP community string to def ine th e relationship between the SNMP manager and the agent. The community stri ng acts like a passwo rd to permit access to the agent on the ...

  • Cisco Systems 0L-11350-01 - page 369

    18-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 18 Configuring SNMP Configuring SNMP T o disable access for an SNMP community , set the community strin g for that community to the null string (do not enter a v alue for th e community string). T o remov e a specific community st ring, use the no snmp ...

  • Cisco Systems 0L-11350-01 - page 370

    18-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 18 Configu ring SNMP Configuring SNMP Configuring SNMP-Server Hosts T o conf igure the recipient of an SNMP trap operation, use the foll owing command in global confi guration mode: Configuring SNMP-Server Users T o config ure a new u ser to an SNMP gr ...

  • Cisco Systems 0L-11350-01 - page 371

    18-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 18 Configuring SNMP Configuring SNMP Some notif ication types cannot be controlled with the snmp-server enable global conf iguration command, such as tty and udp-port . These notification types are al w ays enabled. Y ou ca n use the snmp-server host g ...

  • Cisco Systems 0L-11350-01 - page 372

    18-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 18 Configu ring SNMP Configuring SNMP T o remove the specified hos t from receiving traps , use the no snmp-server host host global confi guration command. T o disable a sp ecific trap type, use the no snmp-server enable traps notif ication-typ es glo ...

  • Cisco Systems 0L-11350-01 - page 373

    18-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 18 Configuring SNMP Configuring SNMP This example sho ws how to assign the strings open and ieee to SNMP , to allow read-write access for both, and to specify that open is the community string for quer ies on non-IEEE80 2dot11-MIB objects and ieee is ...

  • Cisco Systems 0L-11350-01 - page 374

    18-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 18 Configu ring SNMP Displaying SNMP Status AP(config)# snmp-server group admin v3 priv read iso write iso AP(config)# snmp-server user joe admin v3 auth md5 xyz123 priv des56 key007 AP(config)# snmp-server user fred admin v3 encrypted auth md5 abc789 ...

  • Cisco Systems 0L-11350-01 - page 375

    CH A P T E R 19-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 19 Configuring Repeater and Standby Access Points and Workgroup Bridge Mode This chapter describes how to conf ig ure your a ccess point as a repeater, as a hot standb y unit, or as a workgroup bri dge. This chapte r contains these sections: • U ...

  • Cisco Systems 0L-11350-01 - page 376

    19-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 19 Configurin g Repeater and Standby Access Points and Workgro up Bridge Mode Understanding Repe ater Access Points Understanding Repeater Access Points A repeater access point is not connected to the wired LAN ; it is placed within radio range of an a ...

  • Cisco Systems 0L-11350-01 - page 377

    19-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 19 Configuring Repeater a nd Standby Access Points an d Workgroup Bridge Mode Configuring a Repeater Acce ss Point Figur e 19-1 Access P oint as a Repeater Configuring a Repeater Access Point This section pro vides instruction s for setting up an acces ...

  • Cisco Systems 0L-11350-01 - page 378

    19-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 19 Configurin g Repeater and Standby Access Points and Workgro up Bridge Mode Configuring a Repea ter Access Point Default Configuration Access points are configured as root units by default. T able 19-1 shows the def ault v alues for settings that con ...

  • Cisco Systems 0L-11350-01 - page 379

    19-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 19 Configuring Repeater a nd Standby Access Points an d Workgroup Bridge Mode Configuring a Repeater Acce ss Point Setting Up a Repeater Beginning in Pri vileged Ex ec mode, follo w these steps to configure an access point as a repeat er: This example ...

  • Cisco Systems 0L-11350-01 - page 380

    19-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 19 Configurin g Repeater and Standby Access Points and Workgro up Bridge Mode Aligning Antenn as AP# configure terminal AP(config)# interface dot11radio 0 AP(config-if)# ssid chicago AP(config-ssid)# infrastructure-ssid AP(config-ssid)# exit AP(config- ...

  • Cisco Systems 0L-11350-01 - page 381

    19-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 19 Configuring Repeater a nd Standby Access Points an d Workgroup Bridge Mode Aligning A ntennas Setting Up a Repeater As a LEAP Client Y ou can se t up a repeater access point to authenticat e to yo ur network like othe r wirele ss client devices. Aft ...

  • Cisco Systems 0L-11350-01 - page 382

    19-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 19 Configurin g Repeater and Standby Access Points and Workgro up Bridge Mode Understanding Hot Standby Setting Up a Repeater As a WPA Client WP A ke y management uses a combination of encr yption methods to protect com munication between client device ...

  • Cisco Systems 0L-11350-01 - page 383

    19-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 19 Configuring Repeater a nd Standby Access Points an d Workgroup Bridge Mode Configuring a Hot Sta ndby Access Po int Except for the IP address, the standby access point’ s settings should be identical to the settings on the monitored access po int. ...

  • Cisco Systems 0L-11350-01 - page 384

    19-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 19 Configurin g Repeater and Standby Access Points and Workgro up Bridge Mode Configuring a Hot Standby Access Point Ti p T o quickly duplicate th e monitored access point’ s settings on the standby access point, sa ve the monitored access point con ...

  • Cisco Systems 0L-11350-01 - page 385

    19-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 19 Configuring Repeater a nd Standby Access Points an d Workgroup Bridge Mode Configuring a Hot Sta ndby Access Po int Step 8 iapp standby poll-fr equency seconds Sets the number of seconds be tween q ueries that the standby access point sends to the ...

  • Cisco Systems 0L-11350-01 - page 386

    19-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 19 Configurin g Repeater and Standby Access Points and Workgro up Bridge Mode Configuring a Hot Standby Access Point After you enable standb y mode, conf igure the settings that you recorded from the monitored access point to match on the standb y acc ...

  • Cisco Systems 0L-11350-01 - page 387

    19-13 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 19 Configuring Repeater a nd Standby Access Points an d Workgroup Bridge Mode Understanding Workg roup Bridge Mode Understanding Workgroup Bridge Mode Y ou can configure 1100, 1130, 1200, 1230, and 1240 series access poin ts as workgroup bridges. In w ...

  • Cisco Systems 0L-11350-01 - page 388

    19-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 19 Configurin g Repeater and Standby Access Points and Workgro up Bridge Mode Understanding Workgroup Brid ge Mode Figure 19-2 sho ws a n access point in workgroup br idge mode. Figur e 19 -2 Access P oint in W ork group Br idge Mode Treating Workgrou ...

  • Cisco Systems 0L-11350-01 - page 389

    19-15 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 19 Configuring Repeater a nd Standby Access Points an d Workgroup Bridge Mode Understanding Workg roup Bridge Mode bridges, t hat can ass ociate t o an access point or bridge. T o increase beyond 20 the number of wo rkgroup bridges that can associate ...

  • Cisco Systems 0L-11350-01 - page 390

    19-16 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 19 Configurin g Repeater and Standby Access Points and Workgro up Bridge Mode Configuring Workg roup Bridge Mode The follo wing e xample sho ws how the comman d is used . In the example, channels 1, 6, and 11 are specified to scan: ap# ap#confure term ...

  • Cisco Systems 0L-11350-01 - page 391

    19-17 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 19 Configuring Repeater a nd Standby Access Points an d Workgroup Bridge Mode Configuring Workg roup Bridge Mode Step 3 station-ro le workgr oup-bridge Set the radio role to workgro up bridge. If your access point contains two radios, the radio not se ...

  • Cisco Systems 0L-11350-01 - page 392

    19-18 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 19 Configurin g Repeater and Standby Access Points and Workgro up Bridge Mode The Workgr oup Bridge in a Lightweight Environ ment This exampl e shows ho w to configu re an 1100 series access point as a w orkgroup bridge. In this exam ple, the workgrou ...

  • Cisco Systems 0L-11350-01 - page 393

    19-19 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 19 Configuring Repeater a nd Standby Access Points an d Workgroup Bridge Mode The Workgroup Bridge in a Lightweight Environmen t • The workgroup bridge can be any autonomous acce ss point that supports the workgroup bridge mode and is running Cisco ...

  • Cisco Systems 0L-11350-01 - page 394

    19-20 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 19 Configurin g Repeater and Standby Access Points and Workgro up Bridge Mode The Workgr oup Bridge in a Lightweight Environ ment • When you delete a workgroup bridg e record from the controller , all of the workgroup bridge wired clients’ records ...

  • Cisco Systems 0L-11350-01 - page 395

    CH A P T E R 20-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 20 Managing Firmware and Configurations This chapter describ es how to manipulate the Flash fi le system, ho w to copy configuration f iles, and how to archiv e (upload and download) software images. Note For complete syntax and usage in formation ...

  • Cisco Systems 0L-11350-01 - page 396

    20-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 20 Mana ging Firmware and Configu rations Working with the Flash File System Working with the Flash File System The Flash file system on your ac cess point provides se veral commands to help you m anage software image and conf iguration files. The Flas ...

  • Cisco Systems 0L-11350-01 - page 397

    20-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 20 Managing Firmware and Con figurations Working with the Flash File Syste m Setting the Default File System Y ou ca n specify the file system or di rectory that the system uses as th e default file system by using the cd filesyst em: pri vileged EXEC ...

  • Cisco Systems 0L-11350-01 - page 398

    20-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 20 Mana ging Firmware and Configu rations Working with the Flash File System T o display information about f iles on a file syst em, use on e of the pri vile ged EXEC commands in T able 20-2 : Changing Directories and Displaying the Working Directory B ...

  • Cisco Systems 0L-11350-01 - page 399

    20-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 20 Managing Firmware and Con figurations Working with the Flash File Syste m Use the /recursiv e ke yword to delete th e named directory and all subd irectories and the f iles contained in it. Use the /f orce k eyw ord to suppress the prompt ing that c ...

  • Cisco Systems 0L-11350-01 - page 400

    20-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 20 Mana ging Firmware and Configu rations Working with the Flash File System Use the /recursiv e ke yword for deleti ng a directory and all su bdirectories and the f iles contained in it. Use the /for ce ke yword to suppress the pr ompting that conf ir ...

  • Cisco Systems 0L-11350-01 - page 401

    20-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 20 Managing Firmware and Con figurations Working with the Flash File Syste m For sour ce-url , specify the source URL alias for the local or network f ile system. These options are supported: • For the local Flash f ile system, the syntax is flash: ? ...

  • Cisco Systems 0L-11350-01 - page 402

    20-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 20 Mana ging Firmware and Configu rations Working with Configuration Files This ex ample sho ws ho w to e xtract the cont ents of a tar f ile located o n the TFTP server at 172.20.10.30. This command e xtracts just the ne w-configs directory into the r ...

  • Cisco Systems 0L-11350-01 - page 403

    20-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 20 Managing Firmware and Con figurations Working with Configuration Files This section includes this information: • Guidelines for Cr eating and Using Conf iguration Files, page 20-9 • Config uration File T ypes and Location, page 20-9 • Creating ...

  • Cisco Systems 0L-11350-01 - page 404

    20-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 20 Mana ging Firmware and Configu rations Working with Configuration Files Creating a Configuration File by Using a Text Editor When creating a conf iguration file, you must list commands logically so that the system can respond appropriately . This i ...

  • Cisco Systems 0L-11350-01 - page 405

    20-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 20 Managing Firmware and Con figurations Working with Configuration Files • Ensure that the conf iguration f ile to be do wnloaded is in th e correct directory on the TFTP serv er (usually / tftpboo t on a UNIX workstation). • For do wnload operat ...

  • Cisco Systems 0L-11350-01 - page 406

    20-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 20 Mana ging Firmware and Configu rations Working with Configuration Files Use one of these privile ged EXEC commands: • copy system:running-config tftp : [[[ // location ] / dir ectory ] / filename ] • copy n vram:startup-conf ig tftp: [[[ // loc ...

  • Cisco Systems 0L-11350-01 - page 407

    20-13 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 20 Managing Firmware and Con figurations Working with Configuration Files Preparing to Download or Upload a Configuration File by Using FTP Before you be gin do wnloading or up loading a conf iguration f ile by using FTP , perform these t asks: • En ...

  • Cisco Systems 0L-11350-01 - page 408

    20-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 20 Mana ging Firmware and Configu rations Working with Configuration Files Connected to 172.16.101.101 Loading 1112 byte file host1-confg:![OK] ap# %SYS-5-CONFIG: Configured from host1-config by ftp from 172.16.101.101 This exampl e show s how to spec ...

  • Cisco Systems 0L-11350-01 - page 409

    20-15 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 20 Managing Firmware and Con figurations Working with Configuration Files Building configuration...[OK] Connected to 172.16.101.101 ap# This example sho ws how to store a st artup conf iguration file on a serv er by using FTP to cop y the file: ap# co ...

  • Cisco Systems 0L-11350-01 - page 410

    20-16 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 20 Mana ging Firmware and Configu rations Working with Configuration Files Preparing to Download or Upload a Configuration File by Using RCP Before you be gin do wnloading or up loading a conf iguration f ile by using RCP , perform these t asks: • E ...

  • Cisco Systems 0L-11350-01 - page 411

    20-17 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 20 Managing Firmware and Con figurations Working with Configuration Files This example sho ws how to cop y a configurati on file named host1-confg from the netadmin1 directory on the remote se rver with an IP address of 1 72.16.101.101 and load and ru ...

  • Cisco Systems 0L-11350-01 - page 412

    20-18 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 20 Mana ging Firmware and Configu rations Working with Software Images This exampl e show s how to co py the running conf iguration file named ap 2-confg to the netadmin1 directory on the remote host with an IP address of 172.16.101.101: ap# copy syst ...

  • Cisco Systems 0L-11350-01 - page 413

    20-19 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 20 Managing Firmware and Con figurations Working with Software Images Y ou download an access point image f ile from a TFTP , FTP , or RCP serv er to upgrade the access point software. Y ou upload an access point ima ge file to a TFTP , FTP , or RCP s ...

  • Cisco Systems 0L-11350-01 - page 414

    20-20 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 20 Mana ging Firmware and Configu rations Working with Software Images The info.ver file is always at the end of the ta r fi le and contains the same information as the info file. Because it is t he last file in the tar f ile, its existence means t ha ...

  • Cisco Systems 0L-11350-01 - page 415

    20-21 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 20 Managing Firmware and Con figurations Working with Software Images • During upload operati ons, if you are ov erwriting an existing file (inclu ding an empty f ile, if you had to create one) on the serv er , ensure that the per missions on the fi ...

  • Cisco Systems 0L-11350-01 - page 416

    20-22 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 20 Mana ging Firmware and Configu rations Working with Software Images The download algorithm v erif ies that the image is appropriate for the acce ss poin t model and that enough DRAM is present, or it aborts the proce ss and reports an error . If yo ...

  • Cisco Systems 0L-11350-01 - page 417

    20-23 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 20 Managing Firmware and Con figurations Working with Software Images The archiv e upload-sw pri vileged EXEC command b uilds an image f ile on the server b y uploading these files in order: info, the Cisco IOS image, th e HTML files, and info.ver . A ...

  • Cisco Systems 0L-11350-01 - page 418

    20-24 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 20 Mana ging Firmware and Configu rations Working with Software Images • The password set by the ip ftp passw ord passwor d global conf iguration comman d if the command is configured. • The access point forms a password named u sername@apname .do ...

  • Cisco Systems 0L-11350-01 - page 419

    20-25 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 20 Managing Firmware and Con figurations Working with Software Images Note T o av oid an unsuccessful do wnload, use the archi ve downloa d-sw /safe command, which do wnloads the image fi rst and does not delete the current running v ersion until the ...

  • Cisco Systems 0L-11350-01 - page 420

    20-26 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 20 Mana ging Firmware and Configu rations Working with Software Images The download algorithm v erif ies that the image is appropriate for the acce ss poin t model and that enough DRAM is present, or it aborts the proce ss and reports an error . If yo ...

  • Cisco Systems 0L-11350-01 - page 421

    20-27 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 20 Managing Firmware and Con figurations Working with Software Images The archiv e upload-sw command b uilds an image fi le on the server b y uploading these fil es in order: info, the Cisco IOS image, th e HTML files, and info .ver . After these file ...

  • Cisco Systems 0L-11350-01 - page 422

    20-28 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 20 Mana ging Firmware and Configu rations Working with Software Images RCP requires a client to send a remote usern ame on each RCP request to a se rver . When you copy an image from the access point to a server by using RCP , the Cisco IOS software s ...

  • Cisco Systems 0L-11350-01 - page 423

    20-29 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 20 Managing Firmware and Con figurations Working with Software Images Downloading an Image File by Using RCP Y ou can download a ne w image file an d replace or k eep the current image. Caution For the do wn load and upload algo rithms to operat e pro ...

  • Cisco Systems 0L-11350-01 - page 424

    20-30 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 20 Mana ging Firmware and Configu rations Working with Software Images Note T o av oid an unsuccessful do wnload, use the archi ve downloa d-sw /safe command, which do wnloads the image fi rst and does not delete the current running v ersion until the ...

  • Cisco Systems 0L-11350-01 - page 425

    20-31 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 20 Managing Firmware and Con figurations Working with Software Images Note If the Flash de vice has suff icient space to hold two images an d you want to o verwrite one of these images with the same versi on, you must specify the /ov erwrite op tion. ...

  • Cisco Systems 0L-11350-01 - page 426

    20-32 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 20 Mana ging Firmware and Configu rations Working with Software Images The archiv e upload-sw privile g ed EXEC command b uilds an image fil e on the server b y uploading these files in order: info, the Cisco IOS image, th e HTML files, and info.ver . ...

  • Cisco Systems 0L-11350-01 - page 427

    20-33 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 20 Managing Firmware and Con figurations Working with Software Images Step 7 Click the Upgrade b utton. For additi onal information, click th e Help icon on the Software Upgrade screen. Browser TFTP Interface The TFTP interface allo ws you to use a TF ...

  • Cisco Systems 0L-11350-01 - page 428

    20-34 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 20 Mana ging Firmware and Configu rations Working with Software Images ...

  • Cisco Systems 0L-11350-01 - page 429

    CH A P T E R 21-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 21 Configuring System Message Logging This chapter describes how to conf igure sy stem message logging on your acces s point. Note For complete syntax and usage informati on for th e commands used in this ch apter , refer to the Cisco IOS Confi gu ...

  • Cisco Systems 0L-11350-01 - page 430

    21-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 21 Config uri ng System Message Logg ing Understanding Syste m Message Logging Understanding System Message Logging By default, access points send the outpu t from system messages and deb ug pri vileg ed EXEC commands to a logging process. The l ogging ...

  • Cisco Systems 0L-11350-01 - page 431

    21-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 21 Configuring System Message Logging Configuring System Message Lo gging T able 21-1 describes the elements of syslog messages. This example show s a partial access point system messa ge: 00:00:46: %LINK-3-UPDOWN: Interface Port-channel1, changed stat ...

  • Cisco Systems 0L-11350-01 - page 432

    21-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 21 Config uri ng System Message Logg ing Configuring System Message Log ging Disabling and Enabling Message Logging Message logging is enabled b y default. It must be en abled to send messages to an y destination other th an the console. When enabled, ...

  • Cisco Systems 0L-11350-01 - page 433

    21-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 21 Configuring System Message Logging Configuring System Message Lo gging Setting the Message Display Destination Device If message logging is en abled, you ca n send messages to specific locati ons in additi on to the cons ole. Beginni ng in pri vileg ...

  • Cisco Systems 0L-11350-01 - page 434

    21-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 21 Config uri ng System Message Logg ing Configuring System Message Log ging Enabling and Disabling Timestamps on Log Messages By default, log messag es are not timestamped. Beginni ng in pri vileged EXEC mode, foll ow th ese steps to enable timestampi ...

  • Cisco Systems 0L-11350-01 - page 435

    21-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 21 Configuring System Message Logging Configuring System Message Lo gging This example sh ows part o f a logging display wi th sequenc e numbers enabled: 000019: %SYS-5-CONFIG_I: Configured from console by vty2 (10.34.195.36) Defining the Message Sever ...

  • Cisco Systems 0L-11350-01 - page 436

    21-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 21 Config uri ng System Message Logg ing Configuring System Message Log ging T able 21-3 describes the level k eyw ords. It also lists the corresponding U NIX syslog defini tions from the most se vere le vel to the least se vere le vel. The software ge ...

  • Cisco Systems 0L-11350-01 - page 437

    21-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 21 Configuring System Message Logging Configuring System Message Lo gging Beginni ng in pri vileged EXEC mode, follow these steps to change the le vel and history table size defaults: When the history table is fu ll (it contains the maximum number of m ...

  • Cisco Systems 0L-11350-01 - page 438

    21-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 21 Config uri ng System Message Logg ing Configuring System Message Log ging Configuring UNIX Syslog Servers The next sections describe how to configure the 4.3 BSD U NIX server syslog daemon and de fine the UNIX system logging f acility . Logging Mes ...

  • Cisco Systems 0L-11350-01 - page 439

    21-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 21 Configuring System Message Logging Configuring System Message Lo gging T o remove a syslog serv er , use the no logging host global conf iguration command, and specify the syslog server IP address. T o disabl e logging to syslog serv ers, enter the ...

  • Cisco Systems 0L-11350-01 - page 440

    21-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 21 Config uri ng System Message Logg ing Displaying the Lo gging Configuration Displaying the Logging Configuration T o display the current log ging conf iguration and t he contents of the log b uffer , use the show lo gging pri vileged EXEC command. ...

  • Cisco Systems 0L-11350-01 - page 441

    CH A P T E R 22-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 22 Wireless Device Troubleshooting This chapter pro vides troubleshooting procedures for basic p roblems with the wireless de vice. For the most up-to-date, detail ed troubleshooting i nformation, refer to the Cisco T A C website at the following ...

  • Cisco Systems 0L-11350-01 - page 442

    22-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 22 Wireless Device Troubleshooting Checking the To p Panel Indicato rs Checking the Top Panel Indicators If your wireless device is not communicating, check th e three LED indicators on the top panel to quickly assess the device’ s status. Figure 22- ...

  • Cisco Systems 0L-11350-01 - page 443

    22-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 22 Wirele ss Device Tr oubleshootin g Checking the Top Pan el Indicators Figur e 22-2 Indicators on the 1 1 0 0 Series A ccess Point Figure 22-3 Indicators on the 350 Se r ies Access P oint (Plastic Case) Ethernet Status Radio 81597 S CISCO AIRONET 350 ...

  • Cisco Systems 0L-11350-01 - page 444

    22-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 22 Wireless Device Troubleshooting Checking the To p Panel Indicato rs Figure 22-4 Indicators on the 350 Se r ies Access P oint (Metal Case) The indicator sign als on the wirel ess de vice ha ve the f ollow ing meanings (for addit ional details refer t ...

  • Cisco Systems 0L-11350-01 - page 445

    22-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 22 Wirele ss Device Tr oubleshootin g Checking the Top Pan el Indicators Operating status –G r e e n B l i n k i n g green T ransmitting/recei ving radio packets. Green – – Ethernet link is operational. Blinking green – – Tr ansmitting/recei ...

  • Cisco Systems 0L-11350-01 - page 446

    22-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 22 Wireless Device Troubleshooting Checking the To p Panel Indicato rs Indicators on 1130 Series Access Points If your access point i s not working pro perly , check the LED ring on the top panel or the Ethernet and Radio LEDs in the cable bay area. Y ...

  • Cisco Systems 0L-11350-01 - page 447

    22-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 22 Wirele ss Device Tr oubleshootin g Checking the Top Pan el Indicators The LED signals are listed in Ta b l e 2 2 - 2 . T able 22-2 LED Signals Message type Cable Bay Area T op of Unit Meaning Ethernet LED Radio LED Status LED Boot loader st atus Gre ...

  • Cisco Systems 0L-11350-01 - page 448

    22-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 22 Wireless Device Troubleshooting Checking the To p Panel Indicato rs Boot loader errors Red Red Red DRAM memory tes t failure. Off Red Blinking red and blue Flash file syst em failure. Of f Amber Blinking red and light blue En vironment variab le (EN ...

  • Cisco Systems 0L-11350-01 - page 449

    22-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 22 Wirele ss Device Tr oubleshootin g Checking the Top Pan el Indicators Indicators on 1240 Series Access Points If your access point is not w orking properly , check the Status, Ethernet, and Radio LEDs on the 2.4 GHz end of the unit. Y ou can use the ...

  • Cisco Systems 0L-11350-01 - page 450

    22-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 22 Wireless Device Troubleshooting Checking the To p Panel Indicato rs Indicators on 1300 Outdoor Access Point/Bridges If your access point/bridge is no t associating with a remote bridge or access point, check the four LEDs on the back panel. Y ou ca ...

  • Cisco Systems 0L-11350-01 - page 451

    22-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 22 Wirele ss Device Tr oubleshootin g Checking the Top Pan el Indicators Figur e 22-7 LEDs Normal Mode LED Indications During access poi nt/bridge op eration the LEDs provide status information as sho wn in T able 22-4 . R Radio LED E Ethernet LED S S ...

  • Cisco Systems 0L-11350-01 - page 452

    22-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 22 Wireless Device Troubleshooting Checking the To p Panel Indicato rs The access point/bridge uses a blinking code to identify v arious error conditions. The code sequence uses a two-digit diag nostic code that starts with a long pause to delimit the ...

  • Cisco Systems 0L-11350-01 - page 453

    22-13 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 22 Wirele ss Device Tr oubleshootin g Checking the Top Pan el Indicators Power Injector When the po wer injector is po wered up, it applie s 48-VDC to the dual-coax cables to the access point/bridge. When po wer is applied to the access point/bridge, ...

  • Cisco Systems 0L-11350-01 - page 454

    22-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 22 Wireless Device Troubleshooting Checking Power • Cisco Aironet Po wer Injector LR2T—optional transpor tation version – 12- to 40-VDC inpu t power – Uses 12 to 40 VDC from a v ehicle battery Checking Power Y ou can verify the av ailability o ...

  • Cisco Systems 0L-11350-01 - page 455

    22-15 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 22 Wirele ss Device Tr oubleshootin g Checking Basic Settings Checking Basic Settings Mismatched basic settings are the mo st common causes of lost conn ecti vity with wireless cli ents. If the wireless de vice does not communicat e with client de vic ...

  • Cisco Systems 0L-11350-01 - page 456

    22-16 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 22 Wireless Device Troubleshooting Resetting to the Default Configuration Resetting to the Default Configuration If you for get the password that allows you to configu re the wireless devi ce, you may need to completel y reset the conf iguration. On 1 ...

  • Cisco Systems 0L-11350-01 - page 457

    22-17 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 22 Wirele ss Device Tr oubleshootin g Resetting to the Default Configuration Step 3 Enter your username in the User Name f ield. Step 4 Enter the wireless de vice password in the Passw ord field and press Enter . The Summary Status page appears. Step ...

  • Cisco Systems 0L-11350-01 - page 458

    22-18 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 22 Wireless Device Troubleshooting Reloading the Access Point Image Step 6 Use the ren am e command to change the n ame of the conf ig.txt f ile to conf ig.old. ap: rename flash:config.txt flash:config.old Step 7 Use the rel oa d command to reboot the ...

  • Cisco Systems 0L-11350-01 - page 459

    22-19 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 22 Wirele ss Device Tr oubleshootin g Reloading the Access Point Image Follo w these steps to reload the access point image file: Step 1 The PC you intend to use must be configu red with a static IP address i n the range of 10.0.0.2 to 10.0.0.30. Step ...

  • Cisco Systems 0L-11350-01 - page 460

    22-20 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 22 Wireless Device Troubleshooting Reloading the Access Point Image Step 7 Click Upload . For additi onal information, click th e Help icon on the Software Upgrade screen. Browser TFTP Interface The TFTP interface allo ws you to use a TFTP server on a ...

  • Cisco Systems 0L-11350-01 - page 461

    22-21 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 22 Wirele ss Device Tr oubleshootin g Reloading the Access Point Image Step 3 Let the wireless de vice boot until it begins to infl ate the image. When you see these lines on the CLI, press Esc : Loading "flash:/c350-k9w7-mx.v122_13_ja.20031010/c ...

  • Cisco Systems 0L-11350-01 - page 462

    22-22 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 22 Wireless Device Troubleshooting Reloading the Access Point Image extracting c350-k9w7-mx.122-13.JA1/html/level1/images/apps_button_last_flat.gif (318 bytes) extracting c350-k9w7-mx.122-13.JA1/html/level1/images/apps_button_nth.gif (1177 bytes) extr ...

  • Cisco Systems 0L-11350-01 - page 463

    22-23 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-11350-01 Chapter 22 Wirele ss Device Tr oubleshootin g Reloading the Access Point Image Step 14 Sav e the file to a director on your hard dri ve. Obtaining TFTP Server Software Y ou can download TFTP server software from se ve ral websites. Cisco recommends the share ...

  • Cisco Systems 0L-11350-01 - page 464

    22-24 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Chapter 22 Wireless Device Troubleshooting Reloading the Access Point Image ...

  • Cisco Systems 0L-11350-01 - page 465

    A-1 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-11350-01 APPENDIX A Protocol Filters The tables in this appendix list some of the prot ocol s that you can f ilter on th e access point. The tables include: • T able A-1, Ethertype Protocols • T able A-2, IP Protocols • T able A-3, IP Port Protocols In each table, t ...

  • Cisco Systems 0L-11350-01 - page 466

    A-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Appendix A Protocol Filters T able 0-1 Ethertype Protocols Protocol Additional Identifier ISO Designator ARP — 0x0806 RARP — 0x8035 IP — 0x0800 Berkele y T railer Negotiati on — 0x1000 LAN T est — 0x0708 X.25 Le vel3 X.25 0x0805 Ban yan — 0x0B AD CD ...

  • Cisco Systems 0L-11350-01 - page 467

    A-3 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-11350-01 Appendix A Protocol Filters T able 0-2 IP Protocols Protocol Additional Identifier ISO Designator dummy — 0 Internet Control Message Protocol ICMP 1 Internet Group Management Prot ocol IGMP 2 T ransmission Control Protocol TCP 6 Exterior Gate way Protocol EGP ...

  • Cisco Systems 0L-11350-01 - page 468

    A-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Appendix A Protocol Filters T abl e 0-3 IP P ort Pr otocols Protocol Additional Identifier ISO Designator TCP port service multiple xer tcpmux 1 echo — 7 discard (9) — 9 systat (11) — 11 daytime (13) — 13 netstat (15) — 15 Quote of the Day qot d quote ...

  • Cisco Systems 0L-11350-01 - page 469

    A-5 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-11350-01 Appendix A Protocol Filters TSAP iso-tsap 102 CSO Name Serv er cso-ns csnet-ns 105 Remote T elnet rtelnet 107 Postoff ice v2 POP2 POP v2 109 Postoff ice v3 POP3 POP v3 110 Sun RPC sunrpc 111 tap ident authentication auth 113 sftp — 115 uucp-path — 117 Networ ...

  • Cisco Systems 0L-11350-01 - page 470

    A-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Appendix A Protocol Filters SNMP Unix Multiple xer smux 199 AppleT alk Routing at-rtmp 201 AppleT alk name binding at-nbp 202 AppleT alk echo at-echo 204 AppleT alk Zone Information at-zis 206 NISO Z39.50 da tabase z3950 210 IPX — 213 Interactiv e Mail Access ...

  • Cisco Systems 0L-11350-01 - page 471

    B-1 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-11350-01 APPENDIX B Supported MIBs This appendi x lists the Simp le Network Manag ement Protocol (SNMP) Management Information Bases (MIBs) that the access point su pports for this soft ware release. The Ci sco IOS SNMP agent supports SNMPv1, SNMPv2, and SNMPv3. This appe ...

  • Cisco Systems 0L-11350-01 - page 472

    B-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Appendix B Supported MIBs Using FTP to Ac cess the MIB Files • CISCO-MEMOR Y -POOL-MIB • CISCO-PR OCESS-MIB • CISCO-PR ODUCTS-MIB • CISCO-SMI-MIB • CISCO-TC-MIB • CISCO-SYSLOG-MIB • CISCO-WDS-INFO-MIB • ENTITY -MIB • IF-MIB • OLD-CISCO-CHASS ...

  • Cisco Systems 0L-11350-01 - page 473

    C-1 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-11350-01 APPENDIX C Error and Event Messages This appendix lists t he CLI error and ev ent message s. The appendix contains the follo wing sections: • Con ventions, page C-2 • Software Auto Upgrade Message s, page C-3 • Association Man agement Messages, page C-4 • ...

  • Cisco Systems 0L-11350-01 - page 474

    C-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Appendix C Error and Event Me ssages Conventions Conventions System error messages are displa yed in the fo rmat shown in Ta b l e C - 1 . T able C-1 Syst em Er ro r Message F ormat Message Component Description Example Error identif ier A string cate gorizing ...

  • Cisco Systems 0L-11350-01 - page 475

    C-3 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-11350-01 Appendix C Error and Event Messages Software Auto Upgrade Messages Software Auto Upgrade Messages Error Message SW-AUTO-UPGRADE-2-FATAL_FAILURE: “At tempt to upgrade software f ailed, software on flash may be deleted. Pl ease copy software into flash. Explanat ...

  • Cisco Systems 0L-11350-01 - page 476

    C-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Appendix C Error and Event Me ssages Association Manage ment Messages Error Message AUTO-INSTALL-4-IP_ADDRESS_DH CP: “The radio is operating in automatic install mode and has set ip address dhcp.” Explanation The radio is ope rating in au tomatic in stall m ...

  • Cisco Systems 0L-11350-01 - page 477

    C-5 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-11350-01 Appendix C Error and Event Messages Unzip Messages Error Message DOT11-6-ROAMED: “Station %e roamed to %e.” Explanation The indic ated station roamed to the indicated new access point. Recommended Action None. Error Message DOT11-4-ENCRYPT_MISMATCH: “ Poss ...

  • Cisco Systems 0L-11350-01 - page 478

    C-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Appendix C Error and Event Me ssages 802.11 Subsystem Messages Error Message DOT11-4-VERSION_UPGRADE: “I nterface %d, upgrading radio firmware.” Explanation When starting the indic ated interface, th e acc ess point found the wrong firmware version. The rad ...

  • Cisco Systems 0L-11350-01 - page 479

    C-7 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-11350-01 Appendix C Error and Event Messages 802.11 Subsystem Messages Error Message DOT11-3-RADIO_IF_LO: “Inter face %s Radio cannot lock IF freq.” Explanation The radio intermediate frequency (IF) PLL is unable to lock the correct frequenc y on the indicated interf ...

  • Cisco Systems 0L-11350-01 - page 480

    C-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Appendix C Error and Event Me ssages 802.11 Subsystem Messages Error Message DOT11-4-DFS_STORE_FAIL: “DF S: could not store the frequency statistics.” Explanation A failure occur red writing the DFS statistics t o flash. Recommended Action None. Error Messa ...

  • Cisco Systems 0L-11350-01 - page 481

    C-9 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-11350-01 Appendix C Error and Event Messages 802.11 Subsystem Messages Error Message IF-4-MISPLACED_VLAN_TAG: “D etected a misplaced VLAN tag on source Interface %. Dropping packet. Explanation Received an 802.1Q VLAN tag was detected on the indicated interf ace which ...

  • Cisco Systems 0L-11350-01 - page 482

    C-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Appendix C Error and Event Me ssages 802.11 Subsystem Messages Error Message DOT11-4-CANT_ASSOC: “Interf ace %, cannot associate %s.” Explanation The indic ated interface device could not asso ciate to an indicated parent access point. Recommended Action C ...

  • Cisco Systems 0L-11350-01 - page 483

    C-11 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-11350-01 Appendix C Error and Event Messages 802.11 Subsystem Messages Error Message DOT11-4-MAXRETRIES: “Packet to client %e reached max retries, removing the client.” Explanation The maximum packet send retry limit has been reached and th e client is being re mov ...

  • Cisco Systems 0L-11350-01 - page 484

    C-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Appendix C Error and Event Me ssages 802.11 Subsystem Messages Error Message DOT11-4-RADIO_NO_FREQ: “Int erface &s, all frequencies have been blocked, interface not started.” Explanation The frequencies set for operatio n are in valid an d a channel sc ...

  • Cisco Systems 0L-11350-01 - page 485

    C-13 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-11350-01 Appendix C Error and Event Messages 802.11 Subsystem Messages Error Message DOT11-4-FLASHING_RADIO: “Interfa ce %s, flashing radio firmware (%s).” Explanation The indic ated interface radio has been stop ped to loa d the indicated new f irmware. Recommended ...

  • Cisco Systems 0L-11350-01 - page 486

    C-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Appendix C Error and Event Me ssages 802.11 Subsystem Messages Error Message DOT11-4-UPLINK_LINK_DOWN: “ Interface %s, parent lost: %s.” Explanation The connection to the parent access point on the indicated interf ace was lost for the reason indicated. Th ...

  • Cisco Systems 0L-11350-01 - page 487

    C-15 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-11350-01 Appendix C Error and Event Messages 802.11 Subsystem Messages Error Message DOT11-6-ANTENNA_GAIN: “Inte rface %s, antenna position/gain changed, adjusting transmitter power.” Explanation The antenna gain has changed so the list of allo wed power le vels mus ...

  • Cisco Systems 0L-11350-01 - page 488

    C-16 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Appendix C Error and Event Me ssages 802.11 Subsystem Messages Error Message DOT11-4-CCMP_REPLAY: “AES-CCMP TSC r eplay was detected on packet (TSC 0x%11x received from &e).” Explanation AES-CCMP TSC replay was indi cated on a frame. A replay of the AE ...

  • Cisco Systems 0L-11350-01 - page 489

    C-17 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-11350-01 Appendix C Error and Event Messages 802.11 Subsystem Messages Error Message DOT11-3-TKIP_MIC_FAILURE_REPEATED : “Two TKIP Michael MIC f ailures were detected within %s seconds on %s int erface. The interface will be put on MIC failure hold state for next %d s ...

  • Cisco Systems 0L-11350-01 - page 490

    C-18 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Appendix C Error and Event Me ssages 802.11 Subsystem Messages Error Message DOT11-4-NO_VLAN_ID: “VLAN id %d from Radius server is not configured for station %e.” Explanation The VLAN ID returned by the Radius server must be configu red on the access point ...

  • Cisco Systems 0L-11350-01 - page 491

    C-19 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-11350-01 Appendix C Error and Event Messages Inter-Access Point Protocol Messages Error Message SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: “IOS crypto FIPS self test passed .” Explanation SOAP FIPS self test passed. Recommended Action None. Error Message SOAP_FIPS-2-SELF_TE ...

  • Cisco Systems 0L-11350-01 - page 492

    C-20 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Appendix C Error and Event Me ssages Local Authenticato r Messages Local Authenticator Messages Error Message RADSRV-4-NAS_UNKNOWN: Unkno wn authenticator: [ip-address] Explanation The local RADIUS serv er recei ved an authen tication request b ut does not rec ...

  • Cisco Systems 0L-11350-01 - page 493

    C-21 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-11350-01 Appendix C Error and Event Messages Local Authenticato r Messages Error Message DOT1X-SHIM-3-UNSUPPORTED_KM : “Unsupported key management: %X.” Explanation Am error occurred during the initial ization of the shim layer . An unsupported ke y management type ...

  • Cisco Systems 0L-11350-01 - page 494

    C-22 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Appendix C Error and Event Me ssages WDS Messages out before tryi ng the next configured server . A Radius server marked as dead is skippe d by additional requests for the du ration of the minutes unless all serv ers are marked dead . Conf iguring dead time fo ...

  • Cisco Systems 0L-11350-01 - page 495

    C-23 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-11350-01 Appendix C Error and Event Messages Mini IOS Messages Error Message WLCCP-NM-3-WNM_LINK_DOWN: L ink to WNM is down Explanation The ne twork manager is no t responding to keep-activ e messages. Recommended Action Check for a problem with the networ k mana ger or ...

  • Cisco Systems 0L-11350-01 - page 496

    C-24 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Appendix C Error and Event Me ssages Access Point/Bridge Me ssages Error Message Saving this config to nvram may corrupt any network management or security files stored at the end of nvram. Continue? [no]: Explanation This warning message displays on the acces ...

  • Cisco Systems 0L-11350-01 - page 497

    C-25 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-11350-01 Appendix C Error and Event Messages Cisco Discovery Protocol Messages Cisco Discovery Protocol Messages Error Message CDP_PD-2-POWER_LOW: %s - %s %s (%e) Explanation The system is not supplied wit h suf ficient p ower . Error Message Reconf igure or replace the ...

  • Cisco Systems 0L-11350-01 - page 498

    C-26 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 Appendix C Error and Event Me ssages External Radius Se rver Error Messages ...

  • Cisco Systems 0L-11350-01 - page 499

    GL-1 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-11350-01 GLOSSARY 802.11 The IEEE standard that specifies carrier sense media access control and physical layer specif ications for 1- and 2- megabit-per -second (Mbps) wireless LANs operating in the 2. 4-GHz band. 802.11a The IEEE standard that specifies carrier sense ...

  • Cisco Systems 0L-11350-01 - page 500

    Glossary GL-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 beacon A wireless LAN pa cket that signals the a v ailability and presence of the wireless device. Beacon packets are sent b y access points and base stations; howe ver , client radio ca rds send be acons when op erating in computer to computer (Ad Ho ...

  • Cisco Systems 0L-11350-01 - page 501

    Glossar y GL-3 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-11350-01 dipole A ty pe of low-gain (2.2-dBi) antenna cons isting of two (often internal ) elements. domain n ame The te xt name that refers to a grouping of networks or netwo rk resources based on org anization-type or geogr aphy; for e xample: name.com—com ...

  • Cisco Systems 0L-11350-01 - page 502

    Glossary GL-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 IP subnet mask The number us ed to identi fy the IP subnetwork, i ndicating whet her the IP address can be recognized on the LAN or if i t must be reached through a gate way . This number is expressed in a form similar to an IP address; for example: 2 ...

  • Cisco Systems 0L-11350-01 - page 503

    Glossar y GL-5 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-11350-01 roaming A feature of some Access Points that allo ws users to move throug h a facility while maintaining an unbroken co nnection to the LAN. RP-TNC A connector ty pe unique to C isco Aironet rad ios and antenn as. Part 15.203 of the FCC rules cov erin ...

  • Cisco Systems 0L-11350-01 - page 504

    Glossary GL-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-11350-01 W WDS W ireles s Domain Services (WDS). An access point providing WDS on your wireless LAN maintains a cache of creden tials for CCKM-capable client de vices on your wireless LAN. When a CCKM- capable client roam s from one acces s point to another , ...

  • Cisco Systems 0L-11350-01 - page 505

    IN-1 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-11350-01 INDEX Numerics 1130 series indicators 22-6 1240 series indicators 22-9 1300 outdoor access point /bridge indicators 22-10 350 series bridge int eroperability 8-3 802.11d 6-22 802.11e 15-2 802.11g 6-32 802.11i 6-26 802.1H 6-27 802.1x authentication 9-2 802.1X Su ...

  • Cisco Systems 0L-11350-01 - page 506

    Index IN-2 Cisco IOS Software Config uration Gu ide for Cisco Aironet Access Po ints OL-11350-01 B Back button 2-5 backoff 6-32 backup authenti cator, lo cal 9-1 bandwid th 6-13 banners configuring login 5-37 message-of-the-day login 5-35 default configu ration 5-35 when displayed 5-35 basic settings checking 22-15 beacon dtim-period command 6-30 b ...

  • Cisco Systems 0L-11350-01 - page 507

    Index IN-3 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-11350-01 commands abbreviating 3-3 accounting 7-5 antenna 6-25 authentication client 7-5 beacon dtim-p eriod 6-30 beacon period 6-30 bridge-group 6-29 broadcast-key 11-15 cdp enab le 17-4 cdp run 17-3 clear 3-2 countermeasure tkip hold-time 11-17 debug 21-2 defaul ...

  • Cisco Systems 0L-11350-01 - page 508

    Index IN-4 Cisco IOS Software Config uration Gu ide for Cisco Aironet Access Po ints OL-11350-01 types and location 20-9 uploading preparing 20-10, 20-13, 20-16 reasons for 20-8 using FTP 20-14 using RCP 20-17 using TFT P 20-11 connections, secure remote 5-25 countermeasure tkip hold-time command 11-17 crypto software image 5-25 CSID format, select ...

  • Cisco Systems 0L-11350-01 - page 509

    Index IN-5 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-11350-01 duplex, Ethernet port 5-18 Dynamic Frequency Selection 6-17 blocking chan nels 6-20 CLI commands 6-18 configuring a channel 6-19 confirming DFS enabled 6-18 E EAP authentication, overview 11-4 EAP-FAST 9-1, 9-2 EAP-FAST authentication 11-20 EAP-MD5 authen ...

  • Cisco Systems 0L-11350-01 - page 510

    Index IN-6 Cisco IOS Software Config uration Gu ide for Cisco Aironet Access Po ints OL-11350-01 filter output (CLI commands) 3-8 firmware upgrade 2-1 version 2-5 Flash 20-1 Flash device, number of 20-2 forward-delay time STP 8-7 fragmentation threshold 6-31 fragment-thresho ld command 6-31 frequencies 6-14, 6-15, 6-16 FTP accessing MIB files B-2 c ...

  • Cisco Systems 0L-11350-01 - page 511

    Index IN-7 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-11350-01 J Japan upgrade uti lity 1-2 frequency set 1-2 migrating to W52 domain 5-37 verfying th e migra tion 5-39 jitter 15-2 K key features 1-2 keystrokes (edit CLI commands) 3-6 L latenc y 15-2 Layer 3 mobility 12-5 LBS 6-21 LEAP authentication local authen tic ...

  • Cisco Systems 0L-11350-01 - page 512

    Index IN-8 Cisco IOS Software Config uration Gu ide for Cisco Aironet Access Po ints OL-11350-01 interface configuration 3-2 line configuration 3-2 privileged EXEC 3-2 user EXEC 3-2 monitoring CDP 17-4 monitor mode 12-31 move the cursor (CLI) 3-6 multicast messages 6-27 multiple basic SSIDs 7-7 multiple VLAN configuring for no n-root bridge 5-39 N ...

  • Cisco Systems 0L-11350-01 - page 513

    Index IN-9 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-11350-01 Q QBSS 15-3 dot11e parameter 15-3 QoS configuration guid elines 15-5 dot11e command 15-9 overview 15-2 Qos QBSS Load IE 15-9 quality of service See QoS R radio activity 6-32 congestion 6-13 indicator 22-4 interface 6-2 preamble 6-23 radio management 12-1 ...

  • Cisco Systems 0L-11350-01 - page 514

    Index IN-10 Cisco IOS Software Config uration Gu ide for Cisco Aironet Access Po ints OL-11350-01 request to send (RTS) 6-30 restricting access overview 5-3 passwords and p rivilege lev els 5-3 RADIUS 5-10, 13-1 TACACS+ 5-15 RFC 1157, SNMPv1 18-2 1901, SNMPv2C 18-2 1902 to 1907, SN MPv2 18-2 roaming 1-4 fast secure roaming using CCKM 12-1 role (mod ...

  • Cisco Systems 0L-11350-01 - page 515

    Index IN-11 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-11350-01 SNMP, FTP MIB files B-2 snmp-server group command 18-7 SNMP versio ns supported 18-2 SNTP overview 5-27 software image 22-18 upload and download 20-1 software images location in F lash 20-19 tar file format, described 20-19 software upgrade error and eve ...

  • Cisco Systems 0L-11350-01 - page 516

    Index IN-12 Cisco IOS Software Config uration Gu ide for Cisco Aironet Access Po ints OL-11350-01 level keywords, descri bed 21-8 limiting messages 21-8 message format 21-2 overview 21-2 rate limit 21-9 sequence numbers, enabling an d disabling 21-6 setting the display destin ation device 21-5 timestamps, enabling and disabling 21-6 UNIX syslog ser ...

  • Cisco Systems 0L-11350-01 - page 517

    Index IN-13 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-11350-01 1300 outdoor access point /bridge power injector 22-13 error messages (CLI) 3-4 system message logging 21-2 with CiscoWor ks 18-4 U unauthorized access 5-3 universal workgroup bridge 6-2 universal wor kgroup bridge mode 4-13 UNIX syslog servers daemon co ...

  • Cisco Systems 0L-11350-01 - page 518

    Index IN-14 Cisco IOS Software Config uration Gu ide for Cisco Aironet Access Po ints OL-11350-01 world-mode command 6-23 world mode roaming 6-22 WPA 11-7 WPA migration mode 11-13 wpa-psk comm and 11-14 wraparound (CLI commands) 3-7 ...

Produzent Cisco Systems Kategorie Welder

Dokumente, die wir vom Produzenten des Geräts Cisco Systems 0L-11350-01 erhalten, können wir in mehrere Gruppen teilen. Unteranderem in:
- technische Zeichnungen Cisco Systems
- Bedienungsanleitungen 0L-11350-01
- Produktkarten Cisco Systems
- Informationsbroschüren
- oder Energieetiketten Cisco Systems 0L-11350-01
Jede von ihnen ist wichtig, jedoch finden wir die wichtigsten Informationen für den Nutzer des Geräts in der Bedienungsanleitung Cisco Systems 0L-11350-01.

Die Dokumentengruppe, die als Bedienungsanleitungen bezeichnet wird, wird ebenfalls in detaillierte Arten geteilt, solche wie: Montageanleitungen Cisco Systems 0L-11350-01, Wartungsanleitungen, Kurzanleitungen oder Benutzeranleitungen Cisco Systems 0L-11350-01. Abhängig vom Bedarf, sollten Sie das Dokument finden, das Sie brauchen. In unserem Service können Sie sich die populärste Bedienungsanleitung des Produkts Cisco Systems 0L-11350-01 ansehen.

Ähnliche Bedienungsanleitungen

Die komplette Bedienungsanleitung des Geräts Cisco Systems 0L-11350-01, wie sollte sie aussehen?
Die Bedienungsanleitung, auch bezeichnet als Benutzerhandbuch, oder einfach nur „Anleitung”, ist ein technisches Dokument, das dem Benutzer bei der Nutzung von Cisco Systems 0L-11350-01 hilfreich sein soll. Die Bedienungsanleitungen werden in der Regel von technischen Schriftstellern geschrieben, aber in einer Sprache, die für alle Nutzer von Cisco Systems 0L-11350-01 verständlich ist.

Eine gänzliche Bedienungsanleitung von Cisco Systems sollte einige Grundelemente enthalten. Ein Teil von ihnen ist nicht so wichtig, wie z.B.: die Titelseite oder Autorenseiten. Die restlichen von ihnen jedoch, sollten Informationen liefern, die für den Nutzer von enormer Wichtigkeit sind.

1. Einführung und Hinweise, wie man sich in einer Bedienungsanleitung von Cisco Systems 0L-11350-01 bewegt - Am Anfang jeder Bedienungsanleitung sollten wir Hinweise bezüglich der Nutzungsart eines bestimmten Ratgebers finden. In ihr sollten sich Informationen über die Lokalisierung des Inhaltsverzeichnisses von Cisco Systems 0L-11350-01 befinden, FAQ oder über oft auftretende Probleme – also Stellen, die von den Benutzern in jeder Bedienungsanleitung am meisten gesucht werden
2. Inhaltsverzeichnis - Index aller Ratschläge bezüglich Cisco Systems 0L-11350-01, die wir im aktuellen Dokument finden
3. Ratschläge zur Nutzung der Grundfunktionen des Geräts Cisco Systems 0L-11350-01 - die uns die ersten Schritte während der Nutzung von Cisco Systems 0L-11350-01 erleichtern sollten
4. Troubleshooting - geordneter Tätigkeitslauf, der uns bei der Diagnose und als nächstes bei der Lösung wichtiger Probleme mit Cisco Systems 0L-11350-01 hilft
5. FAQ - häufig gestellte Fragen
6. Kontaktdaten Informationen darüber, wo man Kontakt zum Produzenten / Service von Cisco Systems 0L-11350-01 im bestimmten Land suchen kann, wenn es nicht gelingt, das Problem selbst zu lösen.

Haben Sie eine Frage bezüglich Cisco Systems 0L-11350-01?

Nutzen Sie das untere Formular

Wenn Sie mit Hilfe der gefundenen Bedienungsanleitung Ihr Problem mit Cisco Systems 0L-11350-01 nicht gelöst haben, stellen Sie eine Frage, indem Sie das untere Formular nutzen. Wenn einer der Nutzer ein ähnliches Problem mit Cisco Systems 0L-11350-01 hatte, ist es möglich, dass er mit Ihnen die Lösung teilen möchte.

Text vom Bild übertragen

Kommentare (0)