Bedienungsanleitung Cisco Systems OL-29225-01

514 Seiten 6.35 mb
Download

Zur Seite of 514

Summary
  • Cisco Systems OL-29225-01 - page 1

    Cisco Systems, Inc. www.cisco.com Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco we bsite at www.cisco.com/go/ offices. Cisco IOS Conf iguration Guide for A utonomous Cisco Air onet A ccess P oints Cisco IOS Release 15 .3(3)J AB Text Part Number: OL -31535-01 ...

  • Cisco Systems OL-29225-01 - page 2

    THE SPECIFICATION S AND INFORMAT ION REGARDING THE PRODUCTS IN THIS MA NUAL ARE SUBJ ECT TO CHANGE WITHOUT NOT ICE. ALL STATEMENTS , INFORMATION , AND RECOMMEN DATIONS I N THIS MANUA L ARE BELIEVE D TO BE ACCURATE BUT ARE PRESENTED WI THOUT WARRANTY OF ANY KIND, EX PRESS OR IMPLIED. USERS MUST TAKE FUL L RESPONSIBILITY FOR THEIR APPLICAT ION OF ANY ...

  • Cisco Systems OL-29225-01 - page 3

    1 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-29225-01 CONTENTS 1 Preface xix Audience i-xix Purpose i-xix Configuration Procedures and Examples i-xx Organization i-xx Conventi ons i-xxii Related Publication s i-xxii Obtaining Documentation, Obtaining Support, and Security Guid elines i-xxiii CHAPTER 1 Overview of Acc ...

  • Cisco Systems OL-29225-01 - page 4

    Contents 2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Using the Management Pages in the Web-Browser Interfac e 2-2 Using Action Buttons 2-3 Character Restrictions in Entry Fields 2-4 Enabling HTTPS for Secure Brows ing 2-5 Deleting an HTTPS Certificate 2-7 Using Online User Guides 2-7 Disabling the Web-Brow ...

  • Cisco Systems OL-29225-01 - page 5

    Contents 3 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-29225-01 Connecting to the 155 0 Series Access Point Locally 4-5 Default Radio Settings 4-6 Assigning Basic Settings 4-6 Default Settings on the Easy Setu p Page 4-10 Understanding th e Security Settings 4-1 1 Using VLANs 4-12 Security Types for an SSID 4-12 Limit ...

  • Cisco Systems OL-29225-01 - page 6

    Contents 4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Prepare a Configuration Information File 4-34 Enable environmental variab les 4-35 Schedule the Configuration Information File Download 4-35 Enabling Autoconf ig via a Boot File 4-36 Checking the Au toconfig Status 4-36 Debugging Autoconfig 4-37 CHAPTER ...

  • Cisco Systems OL-29225-01 - page 7

    Contents 5 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-29225-01 Monitoring and Maintaining the DHCP Server Access Point 5-26 Show Commands 5-26 Clear Commands 5-26 Debug Command 5-27 Configuring the Access Point for Secure Shell 5-27 Understanding SSH 5-27 Configuring SSH 5-27 Support for Secure Copy Protocol 5-28 Con ...

  • Cisco Systems OL-29225-01 - page 8

    Contents 6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Configuring Dual-Radio Fallback 6-7 Radio Tracking 6-8 Fast Ethernet Tracking 6-8 MAC-Address Tracking 6-8 Configuring Radio Data Rates 6-9 Access Points Send Multicast and Ma nagement Frames at Highest Ba sic Rate 6-9 Configuring MCS Rates 6-12 Configur ...

  • Cisco Systems OL-29225-01 - page 9

    Contents 7 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-29225-01 802.11r Config uration 6-39 CHAPTER 7 Configuring Mu ltiple SSIDs 7-1 Understanding Multiple SSIDs 7-2 Configuring Multiple SSIDs 7-3 Creating an SSID Globally 7-3 Viewing SSIDs Configured Globally 7-5 Using a RADIUS Server to Restrict SSIDs 7-5 Configuri ...

  • Cisco Systems OL-29225-01 - page 10

    Contents 8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Non-Root Bridge Without VLANs 8-11 Root Bridge with VLANs 8-12 Non-Root Bridge with VLANs 8-14 Displaying Spannin g-Tree Status 8-16 CHAPTER 9 Configuring an Acc ess Poin t as a Local Authenticator 9-1 Understanding L ocal Authenticatio n 9-2 Configuring ...

  • Cisco Systems OL-29225-01 - page 11

    Contents 9 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-29225-01 Combining MAC-Based, EAP, and Open Authentication 11 -6 Using CCKM for Authenticated Clients 11-6 Using WPA Key Management 11-7 Configuring Authentication Types 11-9 Assigning Authentication Types to an SSID 11-9 Configuring WPA Migration Mode for Legacy ...

  • Cisco Systems OL-29225-01 - page 12

    Contents 10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Configuring Access Points to Support Fa st Secure Roaming 12-18 CLI Configuration Example 12-20 Support for 802.11r 12-20 Configuring Management Frame Protec tion 12-21 Management Fram e Protection 12-21 Client MFP Overview 12-21 Client MFP For Access P ...

  • Cisco Systems OL-29225-01 - page 13

    Contents 11 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-29225-01 TACACS+ Operation 13-24 Configuring TACACS+ 13-24 Default TAC ACS+ Config uration 13-25 Identifying the TACACS+ Server Host and Setting the Authenticatio n Key 13-25 Configuring TACACS+ Login Authentication 13-26 Configuring TACACS+ Authorization for Pr ...

  • Cisco Systems OL-29225-01 - page 14

    Contents 12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Optimized Voice Settings 15-14 CHAPTER 16 Configuring Filters 16-1 Understanding F ilters 16 -2 Configuring Filters Usin g the CLI 16-2 Configuring Filters Usin g the Web-Browser Interface 16-3 Configuring and Enabling MAC Address Filters 16 -3 Creating ...

  • Cisco Systems OL-29225-01 - page 15

    Contents 13 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-29225-01 Enabling the SNMP Agent 18-6 Configuring Community Strings 18-6 Specifying SNMP-Server Group Names 18-8 Configuring SNMP-Server Hosts 18 -8 Configuring SNMP-Server Users 18 -8 Configuring Trap Managers and Enablin g Traps 18-8 Setting the Agent Contact a ...

  • Cisco Systems OL-29225-01 - page 16

    Contents 14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 CHAPTER 20 Managing Firmware and Configurations 20-1 Working with the Flash File System 20-1 Displaying Available File Systems 20-2 Setting the De fault File System 20-3 Displaying Information Abou t Files on a File System 20-4 Changing Directories and ...

  • Cisco Systems OL-29225-01 - page 17

    Contents 15 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-29225-01 Copying Image Files by Using FTP 20-22 Preparing to Download or Upload an Image File by Using FTP 20-23 Downloading an Image F ile by Using FTP 20-24 Uploading an Image File by Using FTP 20-26 Copying Image Files by Using RCP 20-27 Preparing to Download ...

  • Cisco Systems OL-29225-01 - page 18

    Contents 16 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 CHAPTER 23 Troubleshooting 23-1 Checking the LED Indicators 23-2 Checking Power 23-2 Low Power Conditio n 23-2 Checking Basic Settings 23-3 SSID 23-3 WEP Keys 23-3 Security Settings 23-3 Resetting to the Default Configuration 23-4 Using the MODE Button ...

  • Cisco Systems OL-29225-01 - page 19

    Contents 17 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-29225-01 WDS Messages C-24 Mini IOS Messages C-25 Access Point/Bridge Messages C-26 Cisco Discovery Protocol Messages C-26 External Radius Server Error Messages C-26 LWAPP Error Messages C-27 Sensor Messages C-28 SNMP Error Messages C-29 SSH Error Messages C-30 G ...

  • Cisco Systems OL-29225-01 - page 20

    Contents 18 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 ...

  • Cisco Systems OL-29225-01 - page 21

    -xix Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Preface Audience This guide i s for the ne tworking profe ssional who i nstalls an d manage s Cisco Aironet Access Point s in Autonomous mode. T o use this guide, you should ha ve experience w orking with the Cisco IOS so ftware and be familiar with th e conce ...

  • Cisco Systems OL-29225-01 - page 22

    -xx Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Configuration Procedur es and Examples P oints an d Bridges for this release. F or inform ation about the standard Ci sco IOS software commands, refer to the Cisco IOS software documentation set a v ailable from the Cisco.com ho me page at Support > Document ...

  • Cisco Systems OL-29225-01 - page 23

    -xxi Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Organization Chapter 9, “Configuring an Access Point as a Local Authenticator, ” describes how to conf igure the access point to act as a local RADIUS server for your wireless LAN. If the W AN connection to your main RADIUS server fails, the access point a ...

  • Cisco Systems OL-29225-01 - page 24

    -xxii Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Conventions Conventions This publica tion uses the se con ventions to co n v ey in structions an d informatio n: Command descriptions use these co n v entions: • Commands and ke yword s are in boldface text . • Argum ents for which yo u supply v alues are ...

  • Cisco Systems OL-29225-01 - page 25

    -xxiii Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Obtaining Do cumentation, Obta ining Support, and Security Guidelines Obtaining Documentation, Obtaining Support, and Security Guidelines For info rmation on obtaining documentatio n, obtaining support , providi ng documentation feedback, security g uideline ...

  • Cisco Systems OL-29225-01 - page 26

    -xxiv Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Obtaining Documentation, Obtaining Support, and Security G uidelines ...

  • Cisco Systems OL-29225-01 - page 27

    CH A P T E R 1-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 1 Overview of Access Point Features Cisco Aironet Access Poin ts (herea fter called ac cess points , or abbreviated as APs ) pro vide a secure, affo rdable, and easy-to-use wi reless LAN solution t hat combines mobility and fl exibilit y with the e ...

  • Cisco Systems OL-29225-01 - page 28

    1-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 1 Overvi ew of Acce ss Point Feature s New Features and Platforms in this Release New Features and Platforms in this Release For full inf ormation on the new fe atures and updates to e xisting feat ures in this release, see the Release Notes for Autonom ...

  • Cisco Systems OL-29225-01 - page 29

    1-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 1 Overview of Access Point Features New Features and Platforms in this Release – Non Root Bridge – W o rkgroup Bridge – Scanner – Spectrum – Repeater Support for Cisco Aironet 1700 Series access point • This access point is b uilt on 3 x4:3( ...

  • Cisco Systems OL-29225-01 - page 30

    1-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 1 Overvi ew of Acce ss Point Feature s Management Options Automatic Configuring of the Access Point The Autoconf ig feature of autonomou s access points allo ws the AP to do wnload i ts config uration, periodically , from a Secure Copy Protocol (SCP) se ...

  • Cisco Systems OL-29225-01 - page 31

    1-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 1 Overview of Access Point Features Roaming Client Devices Chapter 3, “Using the Co mmand-Line Interface, ” pro vides a detailed description of the CLI. • A web-browser interface, which you use through a W eb browser . Chapter 2, “Using the W eb ...

  • Cisco Systems OL-29225-01 - page 32

    1-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 1 Overvi ew of Acce ss Point Feature s Network Config uration Exam ples Figur e 1 -1 Access P oints as Ro ot Units on a Wir ed LAN Repeater Access Point An access point can be configured as a stand-alone rep eater to extend the range of your infrastruct ...

  • Cisco Systems OL-29225-01 - page 33

    1-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 1 Overview of Access Point Features Network Configuration Examp les Bridges Access points can be conf igured as root or non-root bridges. In th is role, an acc ess point esta blishes a wireless link with a non-root brid ge. T raf f ic is passed o v er t ...

  • Cisco Systems OL-29225-01 - page 34

    1-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 1 Overvi ew of Acce ss Point Feature s Network Config uration Exam ples you can connect th e printers to a h ub or to a switch, conn ect the hub o r switch to the access point Ethernet port, and configure the access point as a workgroup bridge. Th e wor ...

  • Cisco Systems OL-29225-01 - page 35

    CH A P T E R 2-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 2 Using the Web-Browser Interface This chapter describes the web-brow ser interface that you can use to conf igure the wireless de vice. This chapter contains the following sections: • Using the W eb-Bro wser Interface for the First T ime, page 2 ...

  • Cisco Systems OL-29225-01 - page 36

    2-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 2 Using th e Web-Browser Interface Using the Web-Browser Inte rf ace for the First Time Using the Web-Browser Interface for the First Time Use the wireless device IP address to br owse to the management system. See t he “Logging into the Access Point? ...

  • Cisco Systems OL-29225-01 - page 37

    2-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 2 Using the W eb-Browser Interface Using the Management Pag es in the Web-Browser Inte rface Figur e 2-1 W eb-Br owser Int erf ace Home P age Using Action Buttons Ta b l e 2 - 1 lists the page links and b uttons that appear on the management page . T ab ...

  • Cisco Systems OL-29225-01 - page 38

    2-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 2 Using th e Web-Browser Interface Using the Management Pages in the Web-Browser Interface Character Restrictions in Entry Fields Y ou cannot use the foll owing characte rs in the en try fi elds on the web-bro wser i nterface. This is true for all acces ...

  • Cisco Systems OL-29225-01 - page 39

    2-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 2 Using the W eb-Browser Interface Enabling HTTPS for Secure Browsing Enabling HTTPS for Secure Browsing Y ou can protect the communication with the access point web-bro wser interf ace by enabling H TTPS. HTTPS protects HTTP bro wser sessions by us ing ...

  • Cisco Systems OL-29225-01 - page 40

    2-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 2 Using th e Web-Browser Interface Enabling HTTPS for Sec ure Browsing Step 12 In the Domain Name field, enter a domain name, and then click Apply . Note Enabling HTTPS automatically disables HTTP . T o maintain HTTP acce ss with HTTPS enabled, check th ...

  • Cisco Systems OL-29225-01 - page 41

    2-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 2 Using the W eb-Browser Interface Using Online User Guides AP(config)# end In this example, the access point system name is ap3600 , the domain name is company .com , and the IP address of the DNS serv er is 10.91.107.18. For complete descriptio ns of ...

  • Cisco Systems OL-29225-01 - page 42

    2-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 2 Using th e Web-Browser Interface Disabling the Web-Brow ser Interface ap(config)# ip http server ...

  • Cisco Systems OL-29225-01 - page 43

    CH A P T E R 3-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 3 Using the Command-Line Interface This chapter describes the Cisco IOS command-line interface (CLI) that you can use to configure the wireless de vice. It contains th e follo wing sections: • Cisco IOS Command Modes, page 3-2 • Getting Help, p ...

  • Cisco Systems OL-29225-01 - page 44

    3-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 3 Using the Comman d-Line Interface Cisco IOS Command Mode s Cisco IOS Command Modes The Cisco IOS user interface is di vided i nto many dif ferent modes. The commands a v ailable to you depend on which mode y ou are currently in. Enter a quest ion mark ...

  • Cisco Systems OL-29225-01 - page 45

    3-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 3 Using th e Co mmand-Line Interface Getting Help Getting Help Y o u can enter a question mark (?) at the system prompt to display a li st of commands a v ailable for each command mo de. Y ou can al so obtain a list of asso ciated keyw ords and ar gumen ...

  • Cisco Systems OL-29225-01 - page 46

    3-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 3 Using the Comman d-Line Interface Using the no and Default Forms of Com mands Using the no and Default Forms of Commands Most confi guration command s also ha ve a no form. In general, use the no form to disable a feature or function or re v erse the ...

  • Cisco Systems OL-29225-01 - page 47

    3-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 3 Using th e Co mmand-Line Interface Using Comman d History Changing the Command History Buffer Size By default, the wi reless de vice records ten command lines in i ts history b uf fer . Beginning in pri vile ged EXEC mode, enter this command to change ...

  • Cisco Systems OL-29225-01 - page 48

    3-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 3 Using the Comman d-Line Interface Using Editing Features Using Editing Features This section descri bes the editing features that can help you manipu late the command line. It contains these sections: • Enabling and Disabling Edit ing Features, page ...

  • Cisco Systems OL-29225-01 - page 49

    3-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 3 Using th e Co mmand-Line Interface Using Editing Features Editing Command Lines that Wrap Y ou can use a wraparound feature for commands that extend be yond a single li ne on the screen. When the cursor reaches the right margin, the command line shift ...

  • Cisco Systems OL-29225-01 - page 50

    3-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 3 Using the Comman d-Line Interface Searching and Filteri ng Output of show and more Commands In this e xample, the access-list global co nfigu ration command entry e xtends be yond one line. When t he cursor first reaches the end of the line, the line ...

  • Cisco Systems OL-29225-01 - page 51

    3-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 3 Using th e Co mmand-Line Interface Accessing the CLI Accessing the CLI Y o u can open the w ireless device CLI using T elnet or Secu re Shell (SSH). Opening the CLI with Telnet Follo w these steps to op en the CLI with T elnet. The se steps are for a ...

  • Cisco Systems OL-29225-01 - page 52

    3-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 3 Using the Comman d-Line Interface Accessing the CLI ...

  • Cisco Systems OL-29225-01 - page 53

    CH A P T E R 4-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 4 Configuring the Access Point for the First Time This chapter describe s how to configure basic settin gs on the wireless de vice for the f irst time. The contents of this chapter are similar to the instru ct ions in the quick start gui de that sh ...

  • Cisco Systems OL-29225-01 - page 54

    4-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 4 Configuring the Access Point fo r the First Time Before You Start • The case-sensitiv e wireless service set id entifier (SSID) for your radio netw ork • If not connected to a DH CP server , a unique IP address for the wireless de vice (such as 17 ...

  • Cisco Systems OL-29225-01 - page 55

    4-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 4 Configuring th e Access Point for the First Time Logging into the Access Point Step 6 Click System Conf iguration and the System Conf iguration screen appears. Step 7 Click the Reset to Defaults b utton to reset al l settings, including the IP address ...

  • Cisco Systems OL-29225-01 - page 56

    4-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 4 Configuring the Access Point fo r the First Time Obtaining and Assign ing an IP Address • graphica l user interf ace (GUI) • T elnet (if the AP is configured with an IP address) • console port Note Not all mo dels of Cisco Aironet Acce ss Points ...

  • Cisco Systems OL-29225-01 - page 57

    4-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 4 Configuring th e Access Point for the First Time Connecting to the 1040, 1140, 1240, 1250, 1260, and 2600 Series Access Points Locally Default IP Address Behavior When you connect a 1040, 1130 A G, 1140, 1240, 1 250, 1260, 2600 access point, o r 1300 ...

  • Cisco Systems OL-29225-01 - page 58

    4-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 4 Configuring the Access Point fo r the First Time Default Radio Settings Note Y ou do not need a special crosso ver ca ble to connec t your PC to the po wer injector; yo u can use either a straight-through cable or a crossov er cable. Follo w th ese st ...

  • Cisco Systems OL-29225-01 - page 59

    4-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 4 Configuring th e Access Point for the First Time Assigning Basic Setting s Step 2 Enter the wireless device IP address in the bro wser address line and press Enter . An Enter Networ k Passw ord screen appears. Step 3 Press Ta b to bypass the Username ...

  • Cisco Systems OL-29225-01 - page 60

    4-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 4 Configuring the Access Point fo r the First Time Assigning Basic Settings • IPv6 Address —En ter the IPv6 address • Username —Enter the username r equired to access the netw ork. • Password —Enter the password corresponding to t he usernam ...

  • Cisco Systems OL-29225-01 - page 61

    4-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 4 Configuring th e Access Point for the First Time Assigning Basic Setting s ciphers tkip, open authentication + EAP , network EAP aut hentication, k ey management WP A mandatory , and RADIUS server authentication port 1645. Specify the RADIUS Server an ...

  • Cisco Systems OL-29225-01 - page 62

    4-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 4 Configuring the Access Point fo r the First Time Assigning Basic Settings • Channel —The default chann el setting for the wireless de vi ce radios is least congested; at startup, the wireless device scans for and selects the leas t-congested chan ...

  • Cisco Systems OL-29225-01 - page 63

    4-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 4 Configuring th e Access Point for the First Time Assigning Basic Setting s Understanding the Security Settings Y ou can configure basi c security settings in the Easy Setup > Radio Conf iguration section. Y ou can use the options gi v en in this s ...

  • Cisco Systems OL-29225-01 - page 64

    4-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 4 Configuring the Access Point fo r the First Time Assigning Basic Settings Using VLANs If you use VLANs on your wi reless LAN and assign SSIDs to VLANs, y ou can create multiple SSIDs using an y of the four security settings on the Express Securi ty p ...

  • Cisco Systems OL-29225-01 - page 65

    4-13 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 4 Configuring th e Access Point for the First Time Assigning Basic Setting s EAP Authentication This option en ables 802.1X authentication (such as LEA P , PEAP , EAP-TLS, EAP-F AST , EAP-TTLS, EAP-GTC, EAP-SIM, and other 802.1X/EAP based pro ducts) Th ...

  • Cisco Systems OL-29225-01 - page 66

    4-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 4 Configuring the Access Point fo r the First Time Assigning Basic Settings Limitations of Security Settings The security settings i n the Easy Setup Radio Conf iguration section are designed for simple confi guration of basic security . The options av ...

  • Cisco Systems OL-29225-01 - page 67

    4-15 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 4 Configuring th e Access Point for the First Time CLI Configuration Examples CLI Configuration Examples The examples in this section sho w the CLI commands that are equi v alent to creating SSIDs using each security type. This section contai ns these ...

  • Cisco Systems OL-29225-01 - page 68

    4-16 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 4 Configuring the Access Point fo r the First Time CLI Configuration Examples no bridge-group 1 unicast-flooding ! Example: Static WEP for Radio 2.4 GHz This exampl e sho ws a part of the conf iguratio n that results from creating an SSID called static ...

  • Cisco Systems OL-29225-01 - page 69

    4-17 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 4 Configuring th e Access Point for the First Time CLI Configuration Examples no ip route-cache bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 spanning-disabled bridge-group 1 block-unknown-source no bridge-group 1 source-learning ...

  • Cisco Systems OL-29225-01 - page 70

    4-18 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 4 Configuring the Access Point fo r the First Time CLI Configuration Examples ! antenna gain 0 station-role root bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group ...

  • Cisco Systems OL-29225-01 - page 71

    4-19 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 4 Configuring th e Access Point for the First Time CLI Configuration Examples ipv6 address autoconfig ipv6 enable ! ip forward-protocol nd ip http server no ip http secure-server ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/h ...

  • Cisco Systems OL-29225-01 - page 72

    4-20 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 4 Configuring the Access Point fo r the First Time CLI Configuration Examples ! antenna gain 0 station-role root bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group ...

  • Cisco Systems OL-29225-01 - page 73

    4-21 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 4 Configuring th e Access Point for the First Time Configuring System Power Settings Access Points ipv6 address autoconfig ipv6 enable ! ip forward-protocol nd ip http server no ip http secure-server ip http help-path http://www.cisco.com/warp/public/7 ...

  • Cisco Systems OL-29225-01 - page 74

    4-22 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 4 Configuring the Access Point fo r the First Time Support for 802.11n Performance on 1250 Series Access Points with Standard 802.3af PoE Using a Switch That D oes Not Support IEEE 80 2.3af Power Negotiation If you use a switch to pro vide Po wer o ver ...

  • Cisco Systems OL-29225-01 - page 75

    4-23 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 4 Configuring th e Access Point for the First Time Support for 802.11ac 1. Maximum transmit power will vary by channel and accordin g to individual country regulations. Refer to the product documentation for specific details. 2. Tx—Transmitter. Suppo ...

  • Cisco Systems OL-29225-01 - page 76

    4-24 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 4 Configuring the Access Point fo r the First Time Support for 802.11ac Of f channel scanning or transmissions ar e not suppor ted. The 802.11 ac radio depend s on 802.11n radio s for the of f channel scanning fu nctionality . For e xample, to conf igu ...

  • Cisco Systems OL-29225-01 - page 77

    4-25 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 4 Configuring th e Access Point for the First Time Assigning an IP Address Using th e CLI 802.11n and 802.11ac u se the po wer le ve ls config ured on 802.11n. Y ou cannot config ure po wer le vels independently for 80 2.11ac. Assigning an IP Address U ...

  • Cisco Systems OL-29225-01 - page 78

    4-26 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 4 Configuring the Access Point fo r the First Time Configuring the 802.1X Supp licant Configuring the 802.1X Supplicant T raditionally , the dot1x authenticator/client relationship has al way s been a network de vice and a PC client re spectively , as ...

  • Cisco Systems OL-29225-01 - page 79

    4-27 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 4 Configuring th e Access Point for the First Time Configuring the 802.1X Supplicant ap1240AG> enable Password: xxxxxxx ap1240AG# config terminal Enter configuration commands, one per line. End with CTRL-Z. ap1240AG(config)# dot1x credentials test a ...

  • Cisco Systems OL-29225-01 - page 80

    4-28 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 4 Configuring the Access Point fo r the First Time Configuring IPv6 The follo wing example applys the credentials profile test to the ssid testap1 on a repeater access point. repeater-ap> enable Password: xxxxxxx repeater-ap# config terminal Enter c ...

  • Cisco Systems OL-29225-01 - page 81

    4-29 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 4 Configuring th e Access Point for the First Time Configuring IPv6 Link-Local Addressses are auto matically configured on inte rf ace using link-local pref ix FE80::/10 (1111 111 0 10). The interface iden tifier i s in the modif ied EUI-64 format. • ...

  • Cisco Systems OL-29225-01 - page 82

    4-30 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 4 Configuring the Access Point fo r the First Time Configuring IPv6 Beginni ng in pri vileged EXEC mode, use the follo win g command to assign a site-local or global add ress to the int erface: ap(config-i f)# ipv6 address i pv6-addr ess [eui-64] Note ...

  • Cisco Systems OL-29225-01 - page 83

    4-31 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 4 Configuring th e Access Point for the First Time Configuring IPv6 Command Purpose ipv6 nd ? Config ures neighbor disco ve ry protocol. ipv6 nd ns-interval va lue This command i s av ailable only on bridge group virtual interf ace (BVI). Sets the inte ...

  • Cisco Systems OL-29225-01 - page 84

    4-32 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 4 Configuring the Access Point fo r the First Time Configuring IPv6 Configuring IPv6 Access Lists IPv6 access lists (ACL) are used to fi lter traf f ic and restrict ac cess to th e router . IPv6 prefix lists are used to fi lter routing pro tocol update ...

  • Cisco Systems OL-29225-01 - page 85

    4-33 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 4 Configuring th e Access Point for the First Time Configuring IPv6 IPv6 WDS AP registration The first acti ve IPv6 address is used to register the WDS. Ta b l e 4 - 8 sho ws different scenarios in the IPv6 WDS AP regi stration process. Note 11r roamin ...

  • Cisco Systems OL-29225-01 - page 86

    4-34 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 4 Configuring the Access Point fo r the First Time Automatic Configuring of the Access Point RA filtering RA filterin g increases the security of the IPv6 network by dropping RAs coming from wireless clients. RA filt ering pre v ents misconf igured or ...

  • Cisco Systems OL-29225-01 - page 87

    4-35 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 4 Configuring th e Access Point for the First Time Automatic Configuring of the Access Poin t </l2tp_cfg> The xml tags used in the conf iguration i nformation f ile are described belo w . Enable environmental variables After you ha ve t he conf i ...

  • Cisco Systems OL-29225-01 - page 88

    4-36 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 4 Configuring the Access Point fo r the First Time Automatic Configuring of the Access Point Step 2 Y ou need to set the correct time zone for the AP to ha ve the correct time, This can be done using the command clock timezone TIMEZONE HH MM, where: ? ...

  • Cisco Systems OL-29225-01 - page 89

    4-37 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 4 Configuring th e Access Point for the First Time Automatic Configuring of the Access Poin t Debugging Autoconfig Y o u can use th e following debugging comma nds as require d: • Debug commands to see Autoconf ig state machi ne transition: Deb dot11 ...

  • Cisco Systems OL-29225-01 - page 90

    4-38 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 4 Configuring the Access Point fo r the First Time Automatic Configuring of the Access Point ...

  • Cisco Systems OL-29225-01 - page 91

    CH A P T E R 5-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 5 Administrating the Access Point This chapter describes ho w to administrate th e wireless de vice. This chapter contains the follo wing sections: • Disabling the Mo de Button, page 5-2 • Pre venting Unauthorized Access to Y our Access Point, ...

  • Cisco Systems OL-29225-01 - page 92

    5-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 5 Administrating th e Access Point Disabling the Mode Button Disabling the Mode Button Y ou can disable the mode button on access points ha ving a console po rt by using the global conf iguration [no] boot mode-button co mmand. This command pre v ents p ...

  • Cisco Systems OL-29225-01 - page 93

    5-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 5 Administrating the Access Point Preventing Unauthorized Acc ess to Your Access Po int Preventing Unauthorized Access to Your Access Point Y ou can prev ent unauthorized users from reconf iguring the wireless de vice and viewing conf iguration informat ...

  • Cisco Systems OL-29225-01 - page 94

    5-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 5 Administrating th e Access Point Protecting Ac cess to Pr ivileged EXEC Commands Default Password and Privilege Level Configuration Ta b l e 5 - 1 show s the default passw ord and pri vile ge le v el conf iguration. Setting or Changing a Static Enable ...

  • Cisco Systems OL-29225-01 - page 95

    5-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 5 Administrating the Access Point Protecting A ccess to Privile ged EXEC Commands This example sho ws how to ch ange the enable password to l1u2c3k4y5 . The password is not encrypt ed and provides access to le vel 15 (tradi tional pri vileg ed EXEC mode ...

  • Cisco Systems OL-29225-01 - page 96

    5-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 5 Administrating th e Access Point Protecting Ac cess to Pr ivileged EXEC Commands Protecting Enable and Enable Secret Passwords with Encryption T o pro vide an additional layer of security , particularly for p asswords that cr oss the network or t hat ...

  • Cisco Systems OL-29225-01 - page 97

    5-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 5 Administrating the Access Point Protecting A ccess to Privile ged EXEC Commands If both the enable and enable secret passwords are defined, users must enter the enable secret password. Use the level keyw ord to def ine a passw ord for a specif ic pri ...

  • Cisco Systems OL-29225-01 - page 98

    5-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 5 Administrating th e Access Point Protecting Ac cess to Pr ivileged EXEC Commands T o disable username authenticatio n for a specific user , use the no username na me global configuration command. T o disable password checking and allo w connections wi ...

  • Cisco Systems OL-29225-01 - page 99

    5-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 5 Administrating the Access Point Protecting A ccess to Privile ged EXEC Commands Setting the Privilege Level for a Command Beginni ng in priv ileged EXEC mod e, follo w these steps to set the pri vile ge le vel for a command mode: When you set a comman ...

  • Cisco Systems OL-29225-01 - page 100

    5-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 5 Administrating th e Access Point Configuring Easy Setup Configuring Easy Setup Y ou can now conf igure a networ k and radio in a single screen usin g the Easy Setup. Network Configuration T o conf igure an access point using the network config uratio ...

  • Cisco Systems OL-29225-01 - page 101

    5-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 5 Administrating the Access Point Configuring Spectrum Expert Mode – Spectrum—See Conf iguring Spectrum Expert Mode . • Optimize Radio Networ k—Y ou can either select preconf ig ured settings or customiz e the settings for the wirele ss device ...

  • Cisco Systems OL-29225-01 - page 102

    5-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 5 Administrating th e Access Point Controlling Access Point Access with RADIUS Your current security s ettings put c omputer at risk . Controlling Access Point Access with RADIUS This section descri bes ho w to control ad ministrator access to the wir ...

  • Cisco Systems OL-29225-01 - page 103

    5-13 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 5 Administrating the Access Point Controlling Access Point Access with RADIUS authentication method or until all def ined methods are exhausted. If auth entication fails at any poin t in this cycl e—meaning that the security server or lo cal username ...

  • Cisco Systems OL-29225-01 - page 104

    5-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 5 Administrating th e Access Point Controlling Access Point Access with RADIUS Defining AAA Server Groups Y ou can configure the wireless d e vice to use AAA server g roups to group e xisting serv er hosts for authentication. Y ou select a subset of th ...

  • Cisco Systems OL-29225-01 - page 105

    5-15 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 5 Administrating the Access Point Controlling Access Point Access with RADIUS Step 3 radius-server host { hostname | ip-addr ess } [ auth-port port-number ] [ acct-port port-number ] [ timeout seconds ] [ retransmit re t r ie s ] [ key string ] Specify ...

  • Cisco Systems OL-29225-01 - page 106

    5-16 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 5 Administrating th e Access Point Controlling Access Point Access with RADIUS T o remov e the specified RADIUS server , use the no radius-server host hostname | ip-addr ess global confi guration command. T o remove a serv er group from the conf igurat ...

  • Cisco Systems OL-29225-01 - page 107

    5-17 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 5 Administrating the Access Point Controlling Access Poin t Access with TACACS+ T o disable authorization, use the no aaa author ization { network | exec } method1 global configuration command. Displaying the RADIUS Configuration T o display t he RADIU ...

  • Cisco Systems OL-29225-01 - page 108

    5-18 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 5 Administrating th e Access Point Controlling Access Point Access with TACACS+ authentication met hods are performed. The onl y exceptio n is the default met hod list (which, b y coincidence, is named default ). The default metho d list is automatical ...

  • Cisco Systems OL-29225-01 - page 109

    5-19 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 5 Administrating the Access Point Controlling Access Poin t Access with TACACS+ T o disable AAA , use the no aaa new-model global confi guration command. T o disable AAA authentic ation, use the no aaa authentication login { default | list-name } metho ...

  • Cisco Systems OL-29225-01 - page 110

    5-20 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 5 Administrating th e Access Point Configuring Ethernet Sp eed and Dupl ex Settings Configuring Ethernet Speed and Duplex Settings Y ou can assign the wireless de vice Ethernet port speed and dupl ex settin gs. W e recommend that you use auto , the def ...

  • Cisco Systems OL-29225-01 - page 111

    5-21 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 5 Administrating the Access Point Configu ring the A ccess Poin t for L oca l Authentica tion and Authorization Configuring the Access Point for Local Authentication and Authorization Y o u can configure AAA to operate without a serv er by conf iguring ...

  • Cisco Systems OL-29225-01 - page 112

    5-22 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 5 Administrating th e Access Point Configuring the Authen tication Cache and Profile T o disable AAA , use the no aaa new-model global conf iguration command. T o disable authorization, use the no aaa authorization { network | ex ec } method1 global co ...

  • Cisco Systems OL-29225-01 - page 113

    5-23 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 5 Administrating the Access Point Configuring the Auth enti cation Cache and Profile ! aaa group server tacacs+ tac_admin server 192.168.133.231 cache expiry 1 cache authorization profile admin_cache cache authentication profile admin_cache ! aaa group ...

  • Cisco Systems OL-29225-01 - page 114

    5-24 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 5 Administrating th e Access Point Configuring the Access Poin t to Provide DHCP Service ! ip http server ip http authentication aaa no ip http secure-server ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag ip radius sou ...

  • Cisco Systems OL-29225-01 - page 115

    5-25 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 5 Administrating the Access Point Configuring the Access Point to Pr ovide DHCP Service http://www .cisco.com/uni vercd/ cc/td/doc/product/ sof tware/i os122/122cgcr/f ipr_c/ipcprt1/1cfdhcp.htm Beginning in pri vile ged EXEC mode, follo w these steps t ...

  • Cisco Systems OL-29225-01 - page 116

    5-26 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 5 Administrating th e Access Point Configuring the Access Poin t to Provide DHCP Service AP(dhcp-config)# end Monitoring and Maintaining the DHCP Server Access Point These sections describe commands you can use to monitor and maintain the DHCP serv er ...

  • Cisco Systems OL-29225-01 - page 117

    5-27 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 5 Administrating the Access Point Configuring the Ac cess Point for Secure Shell Debug Command T o enable DHCP serv er deb ugging, use this command in pri vileged EXEC mode: debug ip dhcp serv er { even ts | packets | linkage } Use the no form of the c ...

  • Cisco Systems OL-29225-01 - page 118

    5-28 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 5 Administrating th e Access Point Configuring Client ARP Caching Support for Secure Copy Protocol The Secure Copy Protocol (SCP) supports file transf ers between hosts on a network using Secure Shell (SSH) for security . Cisco IOS Release 15.2(2)JB su ...

  • Cisco Systems OL-29225-01 - page 119

    5-29 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 5 Administrating the Access Point Managing the System Time and Date Optional ARP Caching When a non-Cisco client de vice is associated to an access point and is not passing data, the wireless device might not know the client IP address. If th is situat ...

  • Cisco Systems OL-29225-01 - page 120

    5-30 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 5 Administrating th e Access Point Managing the System Time and Date Understanding Simple Network Time Protocol Simple Network T ime Protocol (SNTP) is a simplif ied, client-only v ersion of NTP . SNTP can only recei ve the time from NTP ser vers; it c ...

  • Cisco Systems OL-29225-01 - page 121

    5-31 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 5 Administrating the Access Point Managing the System Time and Date • Config uring the T ime Zone, page 5-32 • Config uring Summer T ime (Daylight Saving T ime), page 5-33 Setting the System Clock If you ha ve an outside source on the n etwork that ...

  • Cisco Systems OL-29225-01 - page 122

    5-32 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 5 Administrating th e Access Point Managing the System Time and Date Beginning in privileged EXEC mode, follow these steps to set th e system clock: This exampl e sho ws ho w to manually set the system cl ock to 1:32 p.m. on July 23, 2001: AP# clock se ...

  • Cisco Systems OL-29225-01 - page 123

    5-33 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 5 Administrating the Access Point Managing the System Time and Date The minutes-offset variable in the clock timezone global conf iguration command is a v ailable for those cases where a local time zone is a percentage of an hour dif ferent from UTC. F ...

  • Cisco Systems OL-29225-01 - page 124

    5-34 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 5 Administrating th e Access Point Managing the System Time and Date The first part of the clock summer -time global conf iguration command specif ies when summer time begins, and t he second part specif ies when it ends. All ti mes are relati ve to th ...

  • Cisco Systems OL-29225-01 - page 125

    5-35 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 5 Administrating the Access Point Defining H TTP Access Defining HTTP Access By default, 80 is used fo r HTTP access, and port 443 is used for HTTPS access. These values can be customized by the user . Fo llo w these step s to define the HTTP access vi ...

  • Cisco Systems OL-29225-01 - page 126

    5-36 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 5 Administrating th e Access Point Configuring a System N ame and Prompt Configuring a System Name Beginning in pri vileged EXEC mod e, follo w these steps to manually conf igure a system name: When you set the system name, it is also used as the syste ...

  • Cisco Systems OL-29225-01 - page 127

    5-37 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 5 Administrating the Access Point Configuring a System Name and Prompt Default DNS Configuration Ta b l e 5 - 5 show s the default DN S conf iguration. Setting Up DNS Beginning in pri vile ged EXEC mode, follo w these st eps to set up the wireless devi ...

  • Cisco Systems OL-29225-01 - page 128

    5-38 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 5 Administrating th e Access Point Creating a Banne r default domain name is the v alue set by the ip domain -name global configuration command. If there is a period (.) in the host name, Cisco IOS software lo oks up the IP address without appending an ...

  • Cisco Systems OL-29225-01 - page 129

    5-39 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 5 Administrating the Access Point Creating a Banner Beginni ng in pri vile ged EXEC mode, follo w these steps to conf igure a MO TD login b anner: T o delete the MO TD banner , use the no banner motd global conf igurati on command. This exampl e sho ws ...

  • Cisco Systems OL-29225-01 - page 130

    5-40 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 5 Administrating th e Access Point Creating a Banne r Configuring a Login Banner Y ou can configure a l ogin banner to appear on all c onnected terminal s. This banner appears after the MO TD banner and befo re the login pro mpt. Beginni ng in pri vile ...

  • Cisco Systems OL-29225-01 - page 131

    5-41 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 5 Administrating the Access Point Upgrading Autonomous Cisc o Aironet Access Points to Lightweig ht Mode Upgrading Autonomous Cisco Aironet Access Points to Lightweight Mode Note For inf ormation on only up grading the Ci sco IOS image on an autonomous ...

  • Cisco Systems OL-29225-01 - page 132

    5-42 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 5 Administrating th e Access Point Upgrading Autonomous Cisco Aironet Access Points to Lightweight Mode ...

  • Cisco Systems OL-29225-01 - page 133

    CH A P T E R 6-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 6 Configuring Radio Settings This chapter describes h ow to config ure radio settings for the wireless device. Th is chapter includes the follo wing sections: • Enabling the Radio Inter face, page 6-2 • Config uring the Role in Radi o Network, ...

  • Cisco Systems OL-29225-01 - page 134

    6-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 6 Configuring Radio Settings Enabling the Radio Interface Enabling the Radio Interface The wireless de vice radios are disabled by def ault. Note Beginning wit h Cisco IOS Release 12.3(8)J A there is no SSID. Y ou must create an SSID before you can enab ...

  • Cisco Systems OL-29225-01 - page 135

    6-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 6 Configuring Radio Settin gs Configuring the Ro le in Radio Netw ork Configuring the Role in Radio Network Ta b l e 6 - 1 shows the ro le in the radio netwo rk for each de vice. T able 6-1 Device Role in Radio Netw or k Configurati on Role in Radio Net ...

  • Cisco Systems OL-29225-01 - page 136

    6-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 6 Configuring Radio Settings Configuring the Role in Radio Network Y ou can configure the role of an access po int or bridge in a radio n etwork. Y ou can also configure a fallback role for root access points. The wireless devi ce automatically assumes ...

  • Cisco Systems OL-29225-01 - page 137

    6-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 6 Configuring Radio Settin gs Configuring the Ro le in Radio Netw ork Step 3 station-role non-root {bridge | wire less-clients} rep e a te r root {access-poi nt | ap-only | bridge [wireless-clients] |fallback [ repeater | shutdo wn]} scanner workgr oup- ...

  • Cisco Systems OL-29225-01 - page 138

    6-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 6 Configuring Radio Settings Configuring the Role in Radio Network Note When you enable the role in the radio netw ork as a non root bridge or a w orkgroup bridge and en able the interface using the no shut command, the physical status and the so ftware ...

  • Cisco Systems OL-29225-01 - page 139

    6-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 6 Configuring Radio Settin gs Configuring the Ro le in Radio Netw ork Note In point-to-multip oint bridging, WG B is not recommended wit h the root bridge. WGB sh ould be associated to the root AP i n point-to-multipoi nt bridging setup. Configuring Dua ...

  • Cisco Systems OL-29225-01 - page 140

    6-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 6 Configuring Radio Settings Configuring the Role in Radio Network Radio Tracking Y ou can configure the access point to track or monitor the status of one of it s radios. It the tracked radio goes down or is disabled, the access point shuts down the ot ...

  • Cisco Systems OL-29225-01 - page 141

    6-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 6 Configuring Radio Settin gs Configuri ng Radio Data Rates Configuring Radio Data Rates Y ou use the data rate settings to choose the data ra tes the wireless device uses for data transmissi on. The rates are expressed i n megabits per seco nd. The wir ...

  • Cisco Systems OL-29225-01 - page 142

    6-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 6 Configuring Radio Settings Configuring Radio Data Rates Since multicast frames are no t retransmitted at the MA C layer , stations at the edge of the cell may f ail to recei ve t hem successfully . If reliable reception is a goal, then multicast s sh ...

  • Cisco Systems OL-29225-01 - page 143

    6-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 6 Configuring Radio Settin gs Configuri ng Radio Data Rates Step 3 speed 802.11g, 2.4-GHz radio: {[ 1.0 ] [ 2.0 ] [ 5.5 ] [ 6.0 ] [ 9.0 ] [ 11.0 ] [ 12.0 ] [ 18.0 ] [ 24.0 ] [ 36.0 ] [ 48.0 ] [ 54.0 ] [ basic-1.0 ] [ basic-2.0 ] [ basic-5.5 ] [ basic-6 ...

  • Cisco Systems OL-29225-01 - page 144

    6-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 6 Configuring Radio Settings Configuring MCS Rates Use the no form of the speed command to remov e one or more data rates from the conf iguration. This example sho ws how to remo ve data rates basic-2.0 and basic-5.5 from the co nfigurat ion: ap# confi ...

  • Cisco Systems OL-29225-01 - page 145

    6-13 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 6 Configuring Radio Settin gs Configuring Radi o Transmit Power Enabling 11ac MCS rates MCS rates are configured using the speed command. T o enable 11ac rates, it is mandatory to ha v e at least one basic rate and one 11n rate enabled. The follo wing ...

  • Cisco Systems OL-29225-01 - page 146

    6-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 6 Configuring Radio Settings Configuring Radio Transmit Powe r Beginni ng in priv ileged EXEC mode, fo llo w these steps to set the transmit po wer on access point radios: Use the no form of the po wer command to return the po wer setting to maximum , ...

  • Cisco Systems OL-29225-01 - page 147

    6-15 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 6 Configuring Radio Settin gs Configuring Radio Channel Setting s Limiting the Power Level for Associated Client Devices Y ou can also limit the power le vel on cli ent de vices that associate to the wireless d evice. When a clien t dev ice associates ...

  • Cisco Systems OL-29225-01 - page 148

    6-16 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 6 Configuring Radio Settings Configuring Radi o Channel Settings Note In places where RF inte rference might be causing clients to occasionally ge t disconnected from the wireless network, setting th e wireless interface to r un on a dif ferent channel ...

  • Cisco Systems OL-29225-01 - page 149

    6-17 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 6 Configuring Radio Settin gs Configuring Radio Channel Setting s Dynamic Frequency Selection Access points with 5-GHz radios configured at th e factory for use in the United States, Europe, Singapore, K orea, Japan, Israel, and T aiwan no w comp ly wi ...

  • Cisco Systems OL-29225-01 - page 150

    6-18 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 6 Configuring Radio Settings Configuring Radi o Channel Settings The full list of channels that r equire DFS is sho wn in Ta b l e 6 - 3 . For autonomou s operation, DFS requires random channel selecti on among the channels listed in Ta b l e 6 - 3 . T ...

  • Cisco Systems OL-29225-01 - page 151

    6-19 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 6 Configuring Radio Settin gs Configuring Radio Channel Setting s Note W e recommend that you use the world-mode dot 11d co untry-code conf iguration interface command to configure a country code on DFS- enabled radios. The IEEE 802.11h protocol requ i ...

  • Cisco Systems OL-29225-01 - page 152

    6-20 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 6 Configuring Radio Settings Configuring Radi o Channel Settings Allowed Client Power Levels: 14 11 8 5 2 dBm Antenna: Rx[a b c d ] Tx[a b c d ofdm all] External Gain [Allowed 12, Reported 0, Configured 0, In Use 12] (dBi x 2) Configuring a Channel Use ...

  • Cisco Systems OL-29225-01 - page 153

    6-21 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 6 Configuring Radio Settin gs Configuring Radio Channel Setting s • 1 —Specifi es frequencies 5.150 to 5. 250 GHz. This group of frequ encies is also kno wn as the UNII-1 band. • 2 —Specifi es frequencies 5.250 to 5. 350 GHz. This group of freq ...

  • Cisco Systems OL-29225-01 - page 154

    6-22 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 6 Configuring Radio Settings Enabling and Disabling World Mode Enabling and Disabling World Mode Y ou can configure the wi reless de vice to support 802.11d world mo de, Cisco le gacy world mode, or world mode roaming. When you enable w orld mode, th e ...

  • Cisco Systems OL-29225-01 - page 155

    6-23 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 6 Configuring Radio Settin gs Configuring Transmit and Receive Antenna s • Long—Long preambles ar e used by le gac y 802.11 only de vices, and some 802.11b/g de vices that expect long preambl es for optimal operat ions. If thes e client de vices do ...

  • Cisco Systems OL-29225-01 - page 156

    6-24 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 6 Configuring Radio Settings Configuring Transmit and Receive Antenna s Beginning in pri vileged EXEC mode, follo w these steps to select the antennas th e wireless device uses to receiv e and transmit da ta: Command Purpose Step 1 configur e terminal ...

  • Cisco Systems OL-29225-01 - page 157

    6-25 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 6 Configuring Radio Settin gs Enabling and Disab ling Gratuitous Probe Response Enabling and Disabling Gratuitous Probe Response Gratuitous Probe Response (GPR) aids in conservi ng battery po wer in dual mo de phones that support cellular and WLAN mode ...

  • Cisco Systems OL-29225-01 - page 158

    6-26 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 6 Configuring Radio Settings Configuring the Ethern et Encapsulation Transfo rmation Method • Cisco K ey Inte grity Protocol (CKIP)—Cisco's WE P ke y permutation t echnique based on an early algorithm presented by the IEEE 802.11i security ta ...

  • Cisco Systems OL-29225-01 - page 159

    6-27 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 6 Configuring Radio Settin gs Enabling and Disabling Re liable Multicast to Workg roup Bridges Beginni ng in pri vile ged EXEC mode, follo w these steps to conf igure th e encapsulation transformation method: Enabling and Disabling Reliable Multicast t ...

  • Cisco Systems OL-29225-01 - page 160

    6-28 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 6 Configuring Radio Settings Enabling and Disabling Reliable Multicast to Workgro up Bridges Beginni ng in pri vile ged EXEC mode, follo w these steps to conf igure the encapsulation transformation method: Note T o conf igure reliable multicast forw ar ...

  • Cisco Systems OL-29225-01 - page 161

    6-29 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 6 Configuring Radio Settin gs Enabling and Disabling Pu bl ic Secure Packet Forwa rding Enabling and Disabling Public Secure Packet Forwarding Public Secure Packet F orwarding (PSPF) pre v ents client de vices associated to an access point from inadver ...

  • Cisco Systems OL-29225-01 - page 162

    6-30 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 6 Configuring Radio Settings Enabling and Disabling Public Secure Pa cket Forwarding Configuring Protected Ports T o pre v ent communication betw een client de vices a ssociated with different access points on your wireless LAN, you can set up protecte ...

  • Cisco Systems OL-29225-01 - page 163

    6-31 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 6 Configuring Radio Settin gs Configuring the Beacon Period an d the DTIM Configuring the Beacon Period and the DTIM The beacon period is the amount of time between acc ess po int beacons in Kilomicroseconds. One Kµsec equals 1,024 m icroseconds. The ...

  • Cisco Systems OL-29225-01 - page 164

    6-32 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 6 Configuring Radio Settings Configuring the Maximum Data Packe t Retries Use the no form of the command to reset the R TS settings to defaul ts. Configuring the Maximum Data Packet Retries The maximum data retries setting determines the nu mber of att ...

  • Cisco Systems OL-29225-01 - page 165

    6-33 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 6 Configuring Radio Settin gs Configuring the Fragmen tation Threshold Configuring the Fragmentation Threshold The fragmentation thresh old determin es the size at which packets are fra gmented (sent as se v eral pieces instead of as one block). Use a ...

  • Cisco Systems OL-29225-01 - page 166

    6-34 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 6 Configuring Radio Settings Performing a Ca rrier Busy Test Performing a Carrier Busy Test Y o u can perform a carrier busy test to check the radi o activity on wireless channels. During the carrier busy test, the wireless de vice drops all associatio ...

  • Cisco Systems OL-29225-01 - page 167

    6-35 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 6 Configuring Radio Settin gs Configuring VoIP Packet H andling The Stream page appears. Step 4 Click the tab for the radio to co nfigu re. Step 5 For both CoS 5 (V ideo) and CoS 6 (V oice) user priorities, choose Lo w Latency from the P acket Handlin ...

  • Cisco Systems OL-29225-01 - page 168

    6-36 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 6 Configuring Radio Settings Configuring VoIP Packet Hand ling In the pre vious command: • Number 1—Defines the number of times the AP should try to resend a packet that was not receiv ed properly (not ackno wledged), for a gi v en priority le v el ...

  • Cisco Systems OL-29225-01 - page 169

    6-37 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 6 Configuring Radio Settin gs Configuring ClientLink ap(config-if)#packet max-retries 3 0 fail-threshold 100 500 priority 6 d ap(config-if)#packet max-retries 3 0 fail-threshold 100 500 priority 6 drop-packet Lo w latency P acket rates can also be def ...

  • Cisco Systems OL-29225-01 - page 170

    6-38 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 6 Configuring Radio Settings Debugging Radi o Functions Note ClientLink is not supported on the 1040, 702 series access poi nts. Using the CLI to Configure ClientLink T o enable ClientLink , enter this CLI command in interf ace conf iguration mod e on ...

  • Cisco Systems OL-29225-01 - page 171

    6-39 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 6 Configuring Radio Settin gs 802.11r Configuration This exampl e sho ws ho w to be gin deb ugging of th e radio system log: AP# debug dot11 syslog This exampl e show s how to stop debu gging of all radio related e v ents: AP# no debug dot11 events Not ...

  • Cisco Systems OL-29225-01 - page 172

    6-40 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 6 Configuring Radio Settings 802.11r Configuration ...

  • Cisco Systems OL-29225-01 - page 173

    CH A P T E R 7-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 7 Configuring Multiple SSIDs This chapter describe s how to configure and manage multiple Service Set Identif iers (SSIDs) on th e access point. This chapter contains the following sections: • Understanding Multiple SSIDs, page 7-2 • Config uri ...

  • Cisco Systems OL-29225-01 - page 174

    7-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 7 Config uring Multi ple SSIDs Understanding Multiple SSIDs Understanding Multiple SSIDs The SSID is an ASCII string that wireless networki ng devices use to estab lish and main tain wireless connectivity . M ultiple access points on a network or sub-ne ...

  • Cisco Systems OL-29225-01 - page 175

    7-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 7 Configuring Multiple SSIDs Configuring Multiple SSIDs Configuring Multiple SSIDs These sections contain conf iguratio n information for mul tiple SSIDs: • Creating an SSID Globally , page 7-3 • Using a RADIUS Serv er to Restrict SSIDs, page 7-5 No ...

  • Cisco Systems OL-29225-01 - page 176

    7-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 7 Config uring Multi ple SSIDs Configuring Multiple SSIDs Note Y ou use the ssid command authenticatio n options to configure an authen tication type for each SSID. See Chapter 9, “Configuring an Access Point as a Local Authenticator, ” for i nstruc ...

  • Cisco Systems OL-29225-01 - page 177

    7-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 7 Configuring Multiple SSIDs Configuring Multiple SSIDs Note When you enable guest SSID mode for the 802.11 g radio it applies to the 80 2.11b radio as well since 802.11b and 802.11g o perate in the same 2.4Ghz band. Use the no form of the command to di ...

  • Cisco Systems OL-29225-01 - page 178

    7-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 7 Config uring Multi ple SSIDs Configuring Multiple Basic SSIDs (attrib ute 26). V endor-specif ic attrib utes (VSAs) allo w vendors to support their o wn extend ed attrib utes not suitable for general use. The Cisco RADIUS i mpl ementation supports on ...

  • Cisco Systems OL-29225-01 - page 179

    7-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 7 Configuring Multiple SSIDs Configuring Multiple Basic SSIDs • Any W i-Fi certif ied client device can associat e to an access point using multiple BSSI Ds. • Y ou can enable multiple BSSIDs on access points that participate in WDS. Configuring Mul ...

  • Cisco Systems OL-29225-01 - page 180

    7-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 7 Config uring Multi ple SSIDs Assigning IP Redirection for an SSID When client de vices r eceiv e a beacon that contains a DTIM, the y normally w ake up to check for pending packets. Longer intervals between DTIMs let client s sleep longer and preserv ...

  • Cisco Systems OL-29225-01 - page 181

    7-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 7 Configuring Multiple SSIDs Assigning IP Redirection for an SSID Y o u can redirect all packets from client devices associat ed using an SSID or redirect only packets directed to specific TCP or UD P ports (as defined in an access control list). When y ...

  • Cisco Systems OL-29225-01 - page 182

    7-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 7 Config uring Multi ple SSIDs Including SSIDL IE in an SSID Beacon Configuring IP Redirection Beginni ng in pri vile ged EXEC mode, follo w these steps to conf igure IP redirection for an SSID: Note A CL logging i s not supported on the bridging inter ...

  • Cisco Systems OL-29225-01 - page 183

    7-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 7 Configuring Multiple SSIDs NAC Support for MBSSID Beginning in pri vile ged EXEC mode, follo w these steps to include an SSIDL IE in an SSID beacon: Use the no form of the command to disable SSIDL IEs. By def ault SSIDL IEs are disabled. NAC Support ...

  • Cisco Systems OL-29225-01 - page 184

    7-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 7 Config uring Multi ple SSIDs NAC Support for MBSSID When an infected client associates with an access point and sends it s state to the RADIUS server , the RADIUS server puts it i nto one of the quarantine V LAN s based on its health. This VLAN is se ...

  • Cisco Systems OL-29225-01 - page 185

    7-13 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 7 Configuring Multiple SSIDs NAC Support for MBSSID Configuring NAC for MBSSID Note This feature supports only Layer 2 mobility within VLANs. Layer 3 mob ility using netwo rk ID is not supported in this feature. Note Before you attempt to enable NA C f ...

  • Cisco Systems OL-29225-01 - page 186

    7-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 7 Config uring Multi ple SSIDs NAC Support for MBSSID authentication open authentication network-eap eap_methods ! dot11 ssid mktg vlan mktg-normal backup mktg-infected1, mktg-infected2, mktg-infected3 authentication open authentication network-eap eap ...

  • Cisco Systems OL-29225-01 - page 187

    CH A P T E R 8-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 8 Configuring Spanning Tree Protocol This chapter descibes ho w to configure Spanning T r ee Protocol (STP) on your acce ss point/bridge. This chapter contains the following sections: • Understanding Spanning Tree Protocol, page 8-2 • Config ur ...

  • Cisco Systems OL-29225-01 - page 188

    8-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 8 Configur ing Spanning Tree Protocol Understanding Spannin g Tree Protocol Understanding Spanning Tree Protocol This section describes ho w spanning-tree features work. It includes th is information: • STP Overvie w , page 8-2 • Access Point/Bridge ...

  • Cisco Systems OL-29225-01 - page 189

    8-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 8 Configuring Spannin g Tree Protocol Understanding Spanning Tree Protocol The access point/bridge maintain s a separate spanning -tree instance for each ac tiv e VLAN co nf igured on it. A bridge ID, con sisting of the brid ge priority and the access p ...

  • Cisco Systems OL-29225-01 - page 190

    8-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 8 Configur ing Spanning Tree Protocol Understanding Spannin g Tree Protocol • Interfaces incl uded in the spanning -tree instance are selected. Root ports and desi gnated ports ar e put in the forwarding state. • All interfaces not included in the s ...

  • Cisco Systems OL-29225-01 - page 191

    8-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 8 Configuring Spannin g Tree Protocol Understanding Spanning Tree Protocol Creating the Spanning-Tree Topology In Figure 8-1 , bridge 4 is elected as the spanning-tree root because th e priority of all the access point/bridges is set to the def ault (32 ...

  • Cisco Systems OL-29225-01 - page 192

    8-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 8 Configur ing Spanning Tree Protocol Understanding Spannin g Tree Protocol • From blocking to listenin g or to disabled • From listening to learning or to disabled • From learning to forw arding or to disabled • From forwarding to dis abled Fig ...

  • Cisco Systems OL-29225-01 - page 193

    8-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 8 Configuring Spannin g Tree Protocol Understanding Spanning Tree Protocol • Discards frames re ceiv ed on the port • Does not learn addr esses • Receiv es BPDUs Note If a access point/bridge port is blocked, some broadcast or multicast packets ca ...

  • Cisco Systems OL-29225-01 - page 194

    8-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 8 Configur ing Spanning Tree Protocol Configuring STP Features • Does not receiv e BPDUs Configuring STP Features Y ou comple te three ma jor steps to co nfigure STP on the access poi nt/bridge: 1. If necessary , assign interfaces and sub-interfaces t ...

  • Cisco Systems OL-29225-01 - page 195

    8-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 8 Configuring Spannin g Tree Protocol Configuring STP Features Configuring STP Settings Beginni ng in pri vile ged EXEC mode, follo w these steps to conf igure STP on the access point/bridge: Command Purpose Step 1 configur e terminal Enter global conf ...

  • Cisco Systems OL-29225-01 - page 196

    8-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 8 Configur ing Spanning Tree Protocol Configuring STP Features STP Configuration Examples These configuration e xamples sho w how to enable STP on root and non-root access po int/bridges with and without VL ANs: • Root Bridge W ithout VLANs, page 8-1 ...

  • Cisco Systems OL-29225-01 - page 197

    8-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 8 Configuring Spannin g Tree Protocol Configuring STP Features interface GigabitEthernet0 no ip address no ip route-cache duplex auto speed auto bridge-group 1 no bridge-group 1 source-learning ! interface BVI1 ip address dhcp client-id GigabitEthernet ...

  • Cisco Systems OL-29225-01 - page 198

    8-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 8 Configur ing Spanning Tree Protocol Configuring STP Features antenna gain 0 peakdetect stbc station-role non-root bridge-group 1 ! interface GigabitEthernet0 no ip address no ip route-cache duplex auto speed auto bridge-group 1 bridge-group 1 path-co ...

  • Cisco Systems OL-29225-01 - page 199

    8-13 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 8 Configuring Spannin g Tree Protocol Configuring STP Features bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding ! interface Dot11Radio0.2 enca ...

  • Cisco Systems OL-29225-01 - page 200

    8-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 8 Configur ing Spanning Tree Protocol Configuring STP Features no ip route-cache duplex auto speed auto ! interface GigabitEthernet0.1 encapsulation dot1Q 1 native no ip route-cache bridge-group 1 no bridge-group 1 source-learning ! interface GigabitEt ...

  • Cisco Systems OL-29225-01 - page 201

    8-15 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 8 Configuring Spannin g Tree Protocol Configuring STP Features no ip address no ip route-cache ! ssid vlan1 ! antenna gain 0 stbc station-role non-root ! interface Dot11Radio0.1 encapsulation dot1Q 1 native no ip route-cache bridge-group 1 ! interface ...

  • Cisco Systems OL-29225-01 - page 202

    8-16 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 8 Configur ing Spanning Tree Protocol Displaying Spanning-T ree Status encapsulation dot1Q 3 no ip route-cache bridge-group 3 bridge-group 3 path-cost 400 ! interface BVI1 ip address dhcp client-id GigabitEthernet0 no ip route-cache ipv6 address dhcp i ...

  • Cisco Systems OL-29225-01 - page 203

    CH A P T E R 9-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 9 Configuring an Access Point as a Local Authenticator This chapter describes ho w to conf igure the access poin t as a local authenticator to serve as a stand-alone authenticator for a small wireless LAN or to pro v ide backup authentication servi ...

  • Cisco Systems OL-29225-01 - page 204

    9-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 9 Co nfiguring an Ac cess Point as a Local Authenticator Understanding Local Authentication Understanding Local Authentication Many smal l wireless LANs that could be made more secure w ith 802.1x authenticatio n do not ha ve access to a RADIUS server . ...

  • Cisco Systems OL-29225-01 - page 205

    9-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 9 Configuring an Acce ss Point as a Local Auth enticator Configuring a Local Au thenticator Guidelines for Local Authenticators Follo w these guidelines when conf iguring an access point as a local authenticator: • Use an access point that does not se ...

  • Cisco Systems OL-29225-01 - page 206

    9-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 9 Co nfiguring an Ac cess Point as a Local Authenticator Configuring a Local Authenticato r Step 3 radius-server local Enable the access point as a local authenticator and enter conf iguration mode for the auth enticator . Step 4 nas ip-addre ss key sha ...

  • Cisco Systems OL-29225-01 - page 207

    9-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 9 Configuring an Acce ss Point as a Local Auth enticator Configuring a Local Au thenticator This exampl e sho ws ho w to set up a lo cal authenticator used by three access points with three user groups and sev eral users: AP# configure terminal AP(confi ...

  • Cisco Systems OL-29225-01 - page 208

    9-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 9 Co nfiguring an Ac cess Point as a Local Authenticator Configuring a Local Authenticato r AP(config-radsrv)# user 00095125d02b password 00095125d02b group cashiers AP(config-radsrv)# user 00079431f04a password 00079431f04a group cashiers AP(config-rad ...

  • Cisco Systems OL-29225-01 - page 209

    9-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 9 Configuring an Acce ss Point as a Local Auth enticator Configuring a Local Au thenticator Each time the access point t ries to use the main serv ers while they are do wn, th e client de vice trying to authenticate might repor t an authentication timeo ...

  • Cisco Systems OL-29225-01 - page 210

    9-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 9 Co nfiguring an Ac cess Point as a Local Authenticator Configuring a Local Authenticato r In this example, the local authenticat or generates a P A C for the username joe , password-protects th e file with the password bingo , sets the P AC to e xpire ...

  • Cisco Systems OL-29225-01 - page 211

    9-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 9 Configuring an Acce ss Point as a Local Auth enticator Configuring a Local Au thenticator If your local authenticator does not recei ve i ts time setting from an NTP serv er and it reboots frequently , P ACs generated by the lo cal authen ticator mig ...

  • Cisco Systems OL-29225-01 - page 212

    9-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 9 Co nfiguring an Ac cess Point as a Local Authenticator Configuring a Local Authenticato r The first sectio n of statistics lists cumulati v e statistics from t he local authenticator . The second section lists stats for each acces s point (N AS) auth ...

  • Cisco Systems OL-29225-01 - page 213

    CH A P T E R 10-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 10 Configuring WLAN Authentication and Encryption This chapter descr ibes how to co nf igure auth entication an d encryptio n schemes to protect your WLANs. Encryption can be achie v ed using shared ke ys or indi vidual client ke ys. Indi vidual c ...

  • Cisco Systems OL-29225-01 - page 214

    10-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 10 Configuring WL AN Authentication and Encryption Understanding Authe ntication and Encryption Mechanisms Understanding Authentication and Encryption Mechanisms Just as anyone with in range of a radio station can tune to the station's frequ ency ...

  • Cisco Systems OL-29225-01 - page 215

    10-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 10 Configuring WLAN Authe ntication and Encryptio n Understanding Auth entication and Encryption Mechanisms will change to WEP if a WEP cl ient joins the cell). Wh en the cell contains only AES clients, the broadcast ke y uses AES (and will change t o ...

  • Cisco Systems OL-29225-01 - page 216

    10-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 10 Configuring WL AN Authentication and Encryption Understanding Authe ntication and Encryption Mechanisms Open with EAP Any cipher (WEP 40, WEP 128, TKIP , CKIP , CMIC, CKIP-CMIC, TKIP + WEP 40, TKIP+WEP 128, AES-CCMP , AES-CCMP+TKIP , AES-CCMP + TKIP ...

  • Cisco Systems OL-29225-01 - page 217

    10-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 10 Configuring WLAN Authe ntication and Encryptio n Understanding Auth entication and Encryption Mechanisms Y ou can enable Network EAP authenticatio n in comb ination with Open (with EAP or n ot, and an y combination of MA C, namely Network EAP with o ...

  • Cisco Systems OL-29225-01 - page 218

    10-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 10 Configuring WL AN Authentication and Encryption Understanding Encr yption Modes Understanding Encryption Modes As encryption is defin ed at the interf ace (VLAN or radio) le ve l of the access point, and can be common to se veral SSIDs, encrypti on ...

  • Cisco Systems OL-29225-01 - page 219

    10-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 10 Configuring WLAN Authe ntication and Encryptio n Configuring Encryption Modes • WEP (W ired Equi valent Pri v acy)—WEP is an 802.1 1 standard encryption algorith m originally designed to pro vide your wir eless LAN with the same le v el of pri v ...

  • Cisco Systems OL-29225-01 - page 220

    10-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 10 Configuring WL AN Authentication and Encryption Configuring Encryp tion Modes Creating Static WEP Keys Note Y ou need to configure static WEP keys only if your access point needs to support client de vices that use static WEP . If all the client dev ...

  • Cisco Systems OL-29225-01 - page 221

    10-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 10 Configuring WLAN Authe ntication and Encryptio n Configuring Encryption Modes This example sh ow s how to create a 128-bit WEP k ey in slot 3 f or VLAN 22 and sets the ke y as the transmit k ey: ap1200# configure terminal ap1200(config)# interface d ...

  • Cisco Systems OL-29225-01 - page 222

    10-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 10 Configuring WL AN Authentication and Encryption Configuring Encryp tion Modes Because the access point’ s WEP ke y 1 is selected as the transmit ke y , WEP ke y 1 on the other de vice must ha ve t he same contents. WEP ke y 4 on the other de vice ...

  • Cisco Systems OL-29225-01 - page 223

    10-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 10 Configuring WLAN Authe ntication and Encryptio n Configuring Encryption Modes Use the no form of the encryption command to disable a cipher suite. Matching Cipher Suites with WPA or CCKM If you conf igure your access point to use WP A or CCKM authe ...

  • Cisco Systems OL-29225-01 - page 224

    10-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 10 Configuring WL AN Authentication and Encryption Configuring Encryp tion Modes Note If using WP A and CCKM as ke y ma nagement, only tk ip and aes ciphers are supported . If using only CCKM as key management, ckip, cmic, ckip-cmic, tkip, wep, and ae ...

  • Cisco Systems OL-29225-01 - page 225

    10-13 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 10 Configuring WLAN Authe ntication and Encryptio n Configuring Encryption Modes Enabling and Disabling Broadcast Key Rotation Broadcast key rotation is disabled by def ault. Note Client devices using static WEP cannot use the acces s point when you e ...

  • Cisco Systems OL-29225-01 - page 226

    10-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 10 Configuring WL AN Authentication and Encryption Configuring Encryp tion Modes Use the no form of the encryption command to disable b roadcast key rotation. This ex ample enables broadc ast ke y rotation on VLAN 2 2 and sets the rotation in terval t ...

  • Cisco Systems OL-29225-01 - page 227

    CH A P T E R 11-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 11 Configuring Authentication Types This chapter describes how to conf igure authenticati on types on the access point. This chapter contains the following sections: • Understanding Authen tication T ypes, page 11-2 • Config uring Authenticati ...

  • Cisco Systems OL-29225-01 - page 228

    11-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 11 Configurin g Authentication Types Understanding Authe ntication Types Understanding Authentication Types This section describes in detail the authentication types that you can configure on the access point. The authentication types are ti ed to the ...

  • Cisco Systems OL-29225-01 - page 229

    11-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 11 Configuring Authen tication Types Understanding Authentication Types In a scenario where you use Open authentication and WEP encryption, authentication will be successful e ven if the client and the AP WEP are mismatched. Th e client will not be ab ...

  • Cisco Systems OL-29225-01 - page 230

    11-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 11 Configurin g Authentication Types Understanding Authe ntication Types EAP Authentication to the Network This authentication t ype provides t he highest le vel o f security for your wireless network. By using t he Extensible A uthentica tion Protoco ...

  • Cisco Systems OL-29225-01 - page 231

    11-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 11 Configuring Authen tication Types Understanding Authentication Types When mutual auth entication is complete, the RADIUS serv er and the client determine a a WEP k ey or a Pairwise Mast er K ey (WP A v1/v2) that is unique to the client and pro vides ...

  • Cisco Systems OL-29225-01 - page 232

    11-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 11 Configurin g Authentication Types Understanding Authe ntication Types Figur e 1 1 -4 Sequence f or MAC-Based A uthentication Combining MAC-Based, EAP, and Open Authentication Y ou can set up the access point to authenticate c lient devices using a c ...

  • Cisco Systems OL-29225-01 - page 233

    11-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 11 Configuring Authen tication Types Understanding Authentication Types Figure 11-5 sho ws the reassociation process using CCKM. Figur e 1 1 -5 Client R eassociation Using CCKM Using WPA Key Management WP A v1 is a W i-Fi Alliance certif icati on based ...

  • Cisco Systems OL-29225-01 - page 234

    11-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 11 Configurin g Authentication Types Understanding Authe ntication Types Note Unicast and multicast cipher suites adv ertised in WP A information element (and negotiated during 802.11 association) may po tentially mismatch with the ciph er suite supp o ...

  • Cisco Systems OL-29225-01 - page 235

    11-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 11 Configuring Authen tication Types Configuring Authen tica tion Types Configuring Authentication Types This section descri bes ho w to conf igure authen ticat ion types. Y ou attach conf iguration t ypes to the access point’ s SSIDs . See the “Co ...

  • Cisco Systems OL-29225-01 - page 236

    11-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 11 Configurin g Authentication Types Configuring Authen tication Types Step 3 authentication open [ mac-address list -name [ alter nate ]] [[ optional ] eap list-name ] (Optional) Set the authenticati on type to open for this SSID. Open authenticati o ...

  • Cisco Systems OL-29225-01 - page 237

    11-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 11 Configuring Authen tication Types Configuring Authen tica tion Types Step 5 authentication network-eap list-name [ mac-address list -name ] (Optional) set the authenticati on type for the SSID t o Network-EAP . Using the Extensible Authenticat ion ...

  • Cisco Systems OL-29225-01 - page 238

    11-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 11 Configurin g Authentication Types Configuring Authen tication Types Step 6 authentication key-management {[ wpa [version versionnum ber ]] | [ cckm ] } [ optional ] (Optional) Set the authenticati on type for the SSID to WP A, CCKM, or both . If yo ...

  • Cisco Systems OL-29225-01 - page 239

    11-13 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 11 Configuring Authen tication Types Configuring Authen tica tion Types Use the no form of the SSID commands to disable th e SSID or to disable SSID features. This exampl e sets the authenticati on type for the SSID batman to Network-EAP wi th CCKM au ...

  • Cisco Systems OL-29225-01 - page 240

    11-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 11 Configurin g Authentication Types Configuring Authen tication Types Configuring Additional WPA Settings Use two opti onal settings to conf ig ure a pre-shared ke y on the access point and adjust the frequenc y of group k ey upd ates. Setting a pre- ...

  • Cisco Systems OL-29225-01 - page 241

    11-15 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 11 Configuring Authen tication Types Configuring Authen tica tion Types This exampl e sho ws ho w to conf igure a pre-shared k ey for cli ents using WP A and static WEP , with group ke y update options: ap# configure terminal ap(config-if)# ssid batma ...

  • Cisco Systems OL-29225-01 - page 242

    11-16 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 11 Configurin g Authentication Types Configuring Authen tication Types This exampl e sho ws how to enable MA C authentication caching with a one-hour timeout: ap# configure terminal ap(config)# dot11 aaa authentication mac-authen filter-cache timeout ...

  • Cisco Systems OL-29225-01 - page 243

    11-17 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 11 Configuring Authen tication Types Configuring Authen tica tion Types Use the no form of these commands to reset the v alues to def ault settings. Creating and Applying EAP Method Pr ofiles for the 802.1X Supplicant This section descri bes the optio ...

  • Cisco Systems OL-29225-01 - page 244

    11-18 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 11 Configurin g Authentication Types Configuring Authen tication Types Creating an EAP Method Profile Beginni ng in pri vile ged ex ec mode, follo w these steps to def ine a ne w EAP profile: Use the no command to negate a command or set it s defaults ...

  • Cisco Systems OL-29225-01 - page 245

    11-19 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 11 Configuring Authen tication Types Configuring Authen tica tion Types Command Purpose Step 1 configur e terminal Enter the global co nfiguration m ode. Step 2 interface gigabitethernet 0 Enter the interface configuration mo de for the access point? ...

  • Cisco Systems OL-29225-01 - page 246

    11-20 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 11 Configurin g Authentication Types Matching Access Point and Client Device Au thentication Types Applying an EAP Prof ile to an Uplink SSID This operation typical ly applies to repeater access points, non-roo t bridges and workgro up bridges needing ...

  • Cisco Systems OL-29225-01 - page 247

    11-21 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 11 Configuring Authen tication Types Matching Access Point and Client Device Authentication Type s T able 1 1 -1 Client and Access P oint Secur ity Set tings Security Feature C lient Setting Access Point Setting Static WEP with open authentication Cre ...

  • Cisco Systems OL-29225-01 - page 248

    11-22 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 11 Configurin g Authentication Types Matching Access Point and Client Device Au thentication Types 802.1X authen tication and CCKM Enable LEAP Select a ciph er suite and enable Open with EAP and/o r Network EAP , and CCKM for the SSID. Note T o allow ...

  • Cisco Systems OL-29225-01 - page 249

    11-23 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 11 Configuring Authen tication Types Guest Access Management Guest Access Management Guest Access allows a guest to gain access to the Internet, and the guest’ s own enterpr ise without compromising the security of the host enterprise. Guest access ...

  • Cisco Systems OL-29225-01 - page 250

    11-24 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 11 Configurin g Authentication Types Guest Access Man agement – ap(config-ssid)# authentication open – ap(config-ssid)# exit • T o enable web au thentication: – ap(config)# ip admission name W eb_auth pr oxy http – ap(config)# interface dot1 ...

  • Cisco Systems OL-29225-01 - page 251

    11-25 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 11 Configuring Authen tication Types Guest Access Management Step 4 T o let the system automati cally generate a random string as a password, check the Generate Passw ord check box. Alternati v ely , you can manually enter the passwo rd v alue. Step 5 ...

  • Cisco Systems OL-29225-01 - page 252

    11-26 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 11 Configurin g Authentication Types Guest Access Man agement Step 4 Sav e the customized pages to the web server . Step 5 In the access point GUI, bro w se to the Management > Guest Management Services page. Step 6 Select W ebauth Login. Step 7 Br ...

  • Cisco Systems OL-29225-01 - page 253

    11-27 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 11 Configuring Authen tication Types Guest Access Management Note In the previous commands acl-in and acl-out are the names of the Access-list. These A CLs allow you to do wnload the i mage f ile from t he ma chine, where it is stored and us e it for ...

  • Cisco Systems OL-29225-01 - page 254

    11-28 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 11 Configurin g Authentication Types Guest Access Man agement ...

  • Cisco Systems OL-29225-01 - page 255

    CH A P T E R 12-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 12 Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection Services This chapter describes how to configure your access points for wireless domain services (WDS), fast, secure roaming of cli ent devices, radio mana ...

  • Cisco Systems OL-29225-01 - page 256

    12-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 12 Configuring WD S, Fast Secure Roam ing, Radio Management, and Wi reless Intrusio n Detection Understanding WDS Understanding WDS When you conf igure W ireless Domain Services on your network, access point s on your wirele ss LAN use the WDS device ( ...

  • Cisco Systems OL-29225-01 - page 257

    12-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, an d Wireless Intrusion Dete ction Services Understanding Fast Secure Roaming Role of Access Points Using the WDS Device The access points on your wir eless LAN intera ct with the WDS device in ...

  • Cisco Systems OL-29225-01 - page 258

    12-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 12 Configuring WD S, Fast Secure Roam ing, Radio Management, and Wi reless Intrusio n Detection Understanding Wireless Intr usion Detection Services Figur e 12-2 Client Reassociation Using CCKM and a WDS Access P oint The WDS device maintains a cache o ...

  • Cisco Systems OL-29225-01 - page 259

    12-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, an d Wireless Intrusion Dete ction Services Configuring WDS • Switch port tracing and rogu e suppression—Switch port tracing and suppression uses an RF detection method th at produces the r ...

  • Cisco Systems OL-29225-01 - page 260

    12-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 12 Configuring WD S, Fast Secure Roam ing, Radio Management, and Wi reless Intrusio n Detection Configuring WDS Guidelines for WDS Follo w th ese guidelines when conf iguring WDS: • A WDS access point that also serves client de vi ces supports up to ...

  • Cisco Systems OL-29225-01 - page 261

    12-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, an d Wireless Intrusion Dete ction Services Configuring WDS Figure 12-3 sho ws the required conf iguration for each de vice that pa rticipates in WDS. Figure 12-3 Configurations on Devi ces Par ...

  • Cisco Systems OL-29225-01 - page 262

    12-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 12 Configuring WD S, Fast Secure Roam ing, Radio Management, and Wi reless Intrusio n Detection Configuring WDS Figure 12-4 General Setup Hostname ap pa ge Step 3 Check the Use this AP as W ireless Domain Services check box. Step 4 In the W irel ess Do ...

  • Cisco Systems OL-29225-01 - page 263

    12-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, an d Wireless Intrusion Dete ction Services Configuring WDS Step 12 Co nfigure the list of servers to be used for 802.1x authenticati on for wireless clie nt devices. Y ou ca n specify a separa ...

  • Cisco Systems OL-29225-01 - page 264

    12-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 12 Configuring WD S, Fast Secure Roam ing, Radio Management, and Wi reless Intrusio n Detection Configuring WDS For complete descriptio ns of the command s used in this e xample, co nsult the Cisco IOS Command Refer ence for Cisco Air onet Access P oi ...

  • Cisco Systems OL-29225-01 - page 265

    12-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, an d Wireless Intrusion Dete ction Services Configuring WDS Step 5 In the Password f i eld, enter a password for the access point, and enter the password again in the Conf irm Passwo rd f ield ...

  • Cisco Systems OL-29225-01 - page 266

    12-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 12 Configuring WD S, Fast Secure Roam ing, Radio Management, and Wi reless Intrusio n Detection Configuring WDS Configuring the Authentication Server to Support WDS The WDS device and all access points participating in WDS must authenticat e to your a ...

  • Cisco Systems OL-29225-01 - page 267

    12-13 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, an d Wireless Intrusion Dete ction Services Configuring WDS Step 6 Check the A uthentication Settings ch eck box. The f ields in the Authen tication Settings area get enabled. Step 7 For the R ...

  • Cisco Systems OL-29225-01 - page 268

    12-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 12 Configuring WD S, Fast Secure Roam ing, Radio Management, and Wi reless Intrusio n Detection Configuring WDS Figure 12-9 Cisco ISE Networ k Access Users pag e detailed Configuring WDS Only Mode WDS access points can operate in WDS onl y mode using ...

  • Cisco Systems OL-29225-01 - page 269

    12-15 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, an d Wireless Intrusion Dete ction Services Configuring WDS Viewing WDS Information On the web-bro wser interface, b ro wse to the W ireless Services Summary page to vie w a summary of WDS sta ...

  • Cisco Systems OL-29225-01 - page 270

    12-16 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 12 Configuring WD S, Fast Secure Roam ing, Radio Management, and Wi reless Intrusio n Detection Configuring WDS Using Debug Messages In pri vileg ed ex ec mode, use these deb ug commands to cont rol the display o f debug messages f or de vices interac ...

  • Cisco Systems OL-29225-01 - page 271

    12-17 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, an d Wireless Intrusion Dete ction Services Configuring Fast Secure Roaming Configuring Fast Secure Roaming After you conf igure WDS, access points conf igured for CCKM can pro vide fast, secu ...

  • Cisco Systems OL-29225-01 - page 272

    12-18 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 12 Configuring WD S, Fast Secure Roam ing, Radio Management, and Wi reless Intrusio n Detection Configuring Fa st Secure Roaming Configuring Access Points to Support Fast Secure Roaming T o support f ast, secure roaming, the access points on your wir ...

  • Cisco Systems OL-29225-01 - page 273

    12-19 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, an d Wireless Intrusion Dete ction Services Configuring Fast Secure Roaming Figure 12-1 1 Global SSID Manager P ag e Step 7 On the tar get SSID wher e CCKM (fa st secure roami ng) needs to be ...

  • Cisco Systems OL-29225-01 - page 274

    12-20 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 12 Configuring WD S, Fast Secure Roam ing, Radio Management, and Wi reless Intrusio n Detection Configuring Fa st Secure Roaming CLI Configuration Example This example sho ws the CLI commands that ar e equiv alent to the steps listed in the “Configu ...

  • Cisco Systems OL-29225-01 - page 275

    12-21 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, an d Wireless Intrusion Dete ction Services Configuring Management Frame Protection Step 7 Click Apply . Beginning in pri vile ged EXEC mode, perform these steps to conf igure 802.11r usin g t ...

  • Cisco Systems OL-29225-01 - page 276

    12-22 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 12 Configuring WD S, Fast Secure Roam ing, Radio Management, and Wi reless Intrusio n Detection Configuring Management Frame Pro tection associated). Client MFP lev erages the security me chanisms def ined by IEEE 802.11i to protect class 3 Unicast ma ...

  • Cisco Systems OL-29225-01 - page 277

    12-23 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, an d Wireless Intrusion Dete ction Services Configuring Management Frame Protection Configuring Client MFP The following CLI comm ands can be used to d isplay a nd clear Client MFP statistics ...

  • Cisco Systems OL-29225-01 - page 278

    12-24 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 12 Configuring WD S, Fast Secure Roam ing, Radio Management, and Wi reless Intrusio n Detection Configuring Management Frame Pro tection Protection of Management Frames with 802.11w The current 802.11 standard d efines f rame types for use in the mana ...

  • Cisco Systems OL-29225-01 - page 279

    12-25 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, an d Wireless Intrusion Dete ction Services Configuring Radio Mana gement These commands are optional. Def ault time interv als ar e conf igured if these co mmands are not used. T o confi guri ...

  • Cisco Systems OL-29225-01 - page 280

    12-26 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 12 Configuring WD S, Fast Secure Roam ing, Radio Management, and Wi reless Intrusio n Detection Configuring Access Points to Participate in WIDS Configuring Access Points to Participate in WIDS T o participate in WIDS, access points must be configured ...

  • Cisco Systems OL-29225-01 - page 281

    12-27 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 12 Configuring WDS, Fast Secure Roaming, Radio Management, an d Wireless Intrusion Dete ction Services Configuring Access Points to Participate in WIDS Beginning in pri vile ged EXEC mode, follo w these st eps to configure the access point to capture ...

  • Cisco Systems OL-29225-01 - page 282

    12-28 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 12 Configuring WD S, Fast Secure Roam ing, Radio Management, and Wi reless Intrusio n Detection Configuring Access Points to Participate in WIDS Configuring Monitor Mode Limits Y o u can configure threshold v alues that the access po int uses in monit ...

  • Cisco Systems OL-29225-01 - page 283

    CH A P T E R 13-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 13 Configuring RADIUS and TACACS+ Servers This chapter describes ho w to enable and con figur e the Remo te Authent icati on Dial-In User Service (RADIUS) and T erminal Access Cont roller Access Control System Plus (T A CA CS+), that provides deta ...

  • Cisco Systems OL-29225-01 - page 284

    13-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 13 Config uring RADIUS and TACACS+ Servers Configuring and Enab ling RADIUS Understanding RADIUS RADIUS is a distributed client/server system th at secures networks against unauthorized access. RADIUS clien ts run on suppo rted Cisco devices and send a ...

  • Cisco Systems OL-29225-01 - page 285

    13-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 13 Configuring RADIUS and TACACS+ Server s Configuring and Enab ling RADIUS Figur e 13-1 Sequence fo r EAP A uthentication As s h own i n Figure 13-1 , at the start, a wireless client device and a RADIUS server on the wired LAN use 802.1x and EAP to pe ...

  • Cisco Systems OL-29225-01 - page 286

    13-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 13 Config uring RADIUS and TACACS+ Servers Configuring and Enab ling RADIUS Configuring RADIUS This section descri bes ho w to conf igure your access point to support RADIUS. At the minimum, y ou must identify t he host(s) that run the RADIUS serv er s ...

  • Cisco Systems OL-29225-01 - page 287

    13-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 13 Configuring RADIUS and TACACS+ Server s Configuring and Enab ling RADIUS Identifying the RADIUS Server Host Access point-to-RADIUS-server communi cation in volves se ve ral components: • Host name or IP address • Authentication destinati on port ...

  • Cisco Systems OL-29225-01 - page 288

    13-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 13 Config uring RADIUS and TACACS+ Servers Configuring and Enab ling RADIUS Command Purpose Step 1 configur e terminal Enter global conf iguration mo de. Step 2 aaa new-model Enable AAA. Step 3 radius-server {hostname | ip-address}[ auth-port port-numb ...

  • Cisco Systems OL-29225-01 - page 289

    13-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 13 Configuring RADIUS and TACACS+ Server s Configuring and Enab ling RADIUS T o remov e the specified RADIUS server , use the no radius-server host hostname | ip-addr ess global confi guration command. This example shows ho w to configure one RADIUS se ...

  • Cisco Systems OL-29225-01 - page 290

    13-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 13 Config uring RADIUS and TACACS+ Servers Configuring and Enab ling RADIUS T o disable AAA , use the no aaa new-model global conf iguration command. T o disable AAA authentic ation, use the no aaa authentication login { default | list-name } method1 [ ...

  • Cisco Systems OL-29225-01 - page 291

    13-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 13 Configuring RADIUS and TACACS+ Server s Configuring and Enab ling RADIUS Defining AAA Server Groups Y ou can configure the access point t o use AAA server group s to group ex isting server ho sts for authentication. Y ou select a subset of the confi ...

  • Cisco Systems OL-29225-01 - page 292

    13-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 13 Config uring RADIUS and TACACS+ Servers Configuring and Enab ling RADIUS Step 3 radius-server host { hostname | ip-addr ess } [ auth-port port-number ] [ acct-port port-number ] [ timeout seconds ] [ retransmit re t r ie s ] [ key string ] Specify ...

  • Cisco Systems OL-29225-01 - page 293

    13-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 13 Configuring RADIUS and TACACS+ Server s Configuring and Enab ling RADIUS T o remov e the specified RADIUS server , use the no radius-server host hostname | ip-addr ess global confi guration command. T o remove a serv er group from the conf igurati ...

  • Cisco Systems OL-29225-01 - page 294

    13-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 13 Config uring RADIUS and TACACS+ Servers Configuring and Enab ling RADIUS Beginni ng in pri vileged EXEC mode, fol lo w these steps to specify RADIUS authorizatio n for pri vile ged EXEC access and network services: T o disable authorization, use th ...

  • Cisco Systems OL-29225-01 - page 295

    13-13 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 13 Configuring RADIUS and TACACS+ Server s Configuring and Enab ling RADIUS Note When WDS is configured, PoD requ ests should be directed to the WDS. The WDS forwards the disassociation request to the parent access point and th en purges the sessi on ...

  • Cisco Systems OL-29225-01 - page 296

    13-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 13 Config uring RADIUS and TACACS+ Servers Configuring and Enab ling RADIUS T o return to the d efault CSID format, use t he no form of the dot11 aa a csid command, or enter dot11 aaa csid default . Note Y ou can also use the wlccp wds aaa csid comman ...

  • Cisco Systems OL-29225-01 - page 297

    13-15 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 13 Configuring RADIUS and TACACS+ Server s Configuring and Enab ling RADIUS Configuring Settings fo r All RADIUS Servers Beginni ng in pri vile ged EXEC mode, follo w these steps to conf igure gl obal communication set tings between the acc ess point ...

  • Cisco Systems OL-29225-01 - page 298

    13-16 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 13 Config uring RADIUS and TACACS+ Servers Configuring and Enab ling RADIUS This example sh ow s how to set up two main ser vers with a serv er deadtime of 10 minutes: ap(config)# aaa new-model ap(config)# radius server server1 ap(config-radius-server ...

  • Cisco Systems OL-29225-01 - page 299

    13-17 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 13 Configuring RADIUS and TACACS+ Server s Configuring and Enab ling RADIUS For a complete list of RADIUS attribut es or more information about VSA 26, see t he RADIUS guides at the follo wing URL: http://www .cisco.com/en/US/docs/ios-xml/i os/securi ...

  • Cisco Systems OL-29225-01 - page 300

    13-18 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 13 Config uring RADIUS and TACACS+ Servers Configuring and Enab ling RADIUS T o delete the v endor -proprietary RADIUS host, use the no radius-server host { hostnam e | ip-addr ess } non-standard global conf iguration command. T o disable the key , us ...

  • Cisco Systems OL-29225-01 - page 301

    13-19 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 13 Configuring RADIUS and TACACS+ Server s Configuring and Enab ling RADIUS Beginning in pri vile ged EXEC mode, follo w these st eps to specify WISPr RADIUS attributes on the access point: This exampl e sho ws ho w to conf igur e the WISPr location-n ...

  • Cisco Systems OL-29225-01 - page 302

    13-20 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 13 Config uring RADIUS and TACACS+ Servers Configuring and Enab ling RADIUS RADIUS Attributes Sent by the Access Point T able 13-2 through Ta b l e 1 3 - 6 ident ify the attri butes sen t by an a ccess point to a client in access-request, access-accep ...

  • Cisco Systems OL-29225-01 - page 303

    13-21 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 13 Configuring RADIUS and TACACS+ Server s Configuring and Enab ling RADIUS T able 13-4 Attr i butes Sent in Accounting-Request (star t) P ac k ets Attribute ID Description 1U s e r - N a m e 4 N AS-IP-Addres s 5N A S - P o r t 6 Service-T ype 25 Clas ...

  • Cisco Systems OL-29225-01 - page 304

    13-22 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 13 Config uring RADIUS and TACACS+ Servers Configuring and Enab ling RADIUS Note By default, the access point sends reauthenticati on requests to the authenticat ion server with the service-type attrib ute set to authenticat e-only . Ho we ver , some ...

  • Cisco Systems OL-29225-01 - page 305

    13-23 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 13 Configuring RADIUS and TACACS+ Server s Configuring and Enabling TACACS+ Configuring and Enabling TACACS+ This section contains this conf iguration infor mation: • Understanding T A CA CS+, page 13-23 • T A CA CS+ Operation, p age 13-24 • Con ...

  • Cisco Systems OL-29225-01 - page 306

    13-24 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 13 Config uring RADIUS and TACACS+ Servers Configuring and Enab ling TACACS+ TACACS+ Operation When an administrator attempts a simple ASCII login by authenticating to an access po int using T A CA CS+, this process occu rs: 1. When the connection i s ...

  • Cisco Systems OL-29225-01 - page 307

    13-25 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 13 Configuring RADIUS and TACACS+ Server s Configuring and Enabling TACACS+ This section contains this conf iguration infor mation: • Default T ACA CS+ Configuration , page 13-25 • Identifying t he T ACA CS+ Server Host and Settin g the Authentica ...

  • Cisco Systems OL-29225-01 - page 308

    13-26 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 13 Config uring RADIUS and TACACS+ Servers Configuring and Enab ling TACACS+ T o remov e the specified T A CA CS+ server name or address, use the no tacacs-server host hostname global conf iguratio n command. T o remove a ser ver group fro m the conf ...

  • Cisco Systems OL-29225-01 - page 309

    13-27 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 13 Configuring RADIUS and TACACS+ Server s Configuring and Enabling TACACS+ T o disable AAA , use the no aaa new-model global confi guration command. T o disable AAA authentic ation, use the no aaa authentication login { default | list-name } method1 ...

  • Cisco Systems OL-29225-01 - page 310

    13-28 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 13 Config uring RADIUS and TACACS+ Servers Configuring and Enab ling TACACS+ The aaa authoriza tion exec ta cacs+ local command set s these authorization pa rameters: • Use T ACA CS+ for pri vileged EXEC access authorizatio n if authentication w as ...

  • Cisco Systems OL-29225-01 - page 311

    13-29 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 13 Configuring RADIUS and TACACS+ Server s Configuring and Enabling TACACS+ T o disable accoun ting, use the no aaa accounting { network | exec } { start-stop } method 1... global confi guration command. Displaying the TACACS+ Configuration T o displa ...

  • Cisco Systems OL-29225-01 - page 312

    13-30 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 13 Config uring RADIUS and TACACS+ Servers Configuring and Enab ling TACACS+ ...

  • Cisco Systems OL-29225-01 - page 313

    CH A P T E R 14-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 14 Configuring VLANs This chapter describes how to configure your access point to operate with the VLANs set up on your wired LAN. This chapter contains th e follo wing sections : • Understanding VLANs, page 14-2 • Conf iguring VLANs, p age 14 ...

  • Cisco Systems OL-29225-01 - page 314

    14-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 14 Configuring VLA Ns Understanding VLANs Understanding VLANs A VLAN is a switched network that is logically segmen ted, by functions, project teams, or applications rather than on a physical or geographical basis. For e xample, all w orkstations and s ...

  • Cisco Systems OL-29225-01 - page 315

    14-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 14 Configuring VLANs Understanding VLANs Figur e 14-1 LAN and VLAN Segmentation with Wire less Devices For more inf ormation on VLAN design and conf igurati on, see the Cisco IOS Switching Services Config uration Guide at th e follo wing URL: http://ww ...

  • Cisco Systems OL-29225-01 - page 316

    14-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 14 Configuring VLA Ns Configuring VLANs Y o u can assign m ore than on e SSID to a giv en VLAN. H owe v er , a giv en SSID can be mapp ed to only one VLAN. Also, th e SSID to VLAN mappi ng must be unique pe r interface. For e xample, you configure SSID ...

  • Cisco Systems OL-29225-01 - page 317

    14-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 14 Configuring VLANs Configuri ng VLANs Configuring a VLAN Configuring your access point to sup port VLANs is a three-step process: 1. Enable the VLAN on the radio and Ethernet ports. Enabling the VLAN on the radio and Ethernet po rts also create s the ...

  • Cisco Systems OL-29225-01 - page 318

    14-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 14 Configuring VLA Ns Configuring VLANs Step 2 - Creating an SSID and assigning it to a VLAN Beginni ng in pri vile ged EXEC mode, follo w these steps to assign an SSID to a VLAN. Step 3 - Assigning encryption settings to a VLAN on a given radio interf ...

  • Cisco Systems OL-29225-01 - page 319

    14-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 14 Configuring VLANs Configuri ng VLANs • Assign an SSID to a VLAN • Assign an AES-CCMP encryption method t o a VLAN • Assign an SSID to a radio inte rface ap# configure terminal ap(config)# interface dot11Radio 0.31 ap(config-subif)# encapsulati ...

  • Cisco Systems OL-29225-01 - page 320

    14-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 14 Configuring VLA Ns Configuring VLANs Use the no form of the command to remov e the name from the VLAN. Use the show dot11 vlan-name priv ileged EXEC command to list all the VLAN na me and ID pairs configured on the access point. Using a RADIUS Serve ...

  • Cisco Systems OL-29225-01 - page 321

    14-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 14 Configuring VLANs Configuri ng VLANs Other 0 995 0 packets, 0 bytes input 0 packets, 0 bytes output Other 0 995 0 packets, 0 bytes input 0 packets, 0 bytes output Other 0 995 4330 packets, 363704 bytes input 995 packets, 75675 bytes output Virtual L ...

  • Cisco Systems OL-29225-01 - page 322

    14-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 14 Configuring VLA Ns VLAN Configuration Ex ample VLAN Configuration Example This example sh ow s how to use VLANs to manage wireless de vices on a colle ge campus. In thi s exam ple, three l e vels of access are a vailable thro ugh VLANs conf igured ...

  • Cisco Systems OL-29225-01 - page 323

    14-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 14 Configuring VLANs VLAN Configuration Example T able 14-2 sho ws the commands needed to config ure the three VLANs in this example. T able 14-3 sho ws the results of the con figur ation commands in T able 14-2 . Use the sho w running command to disp ...

  • Cisco Systems OL-29225-01 - page 324

    14-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 14 Configuring VLA Ns VLAN Configuration Ex ample Notice that when yo u config ure a bridge group on the radio interf ace, these commands are set automatically: bridge-group 2 subscriber-loop-control bridge-group 2 block-unknown-source no bridge-group ...

  • Cisco Systems OL-29225-01 - page 325

    CH A P T E R 15-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 15 Configuring QoS This chapter describes how to conf igure quality of se rvice (QoS) on your access point. W ith this feature, you can provide preferential treatment to certain traff i c at the expense of others. W i thout QoS, the access point o ...

  • Cisco Systems OL-29225-01 - page 326

    15-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 15 Configuring QoS Understanding QoS for Wireless LANs Understanding QoS for Wireless LANs T ypically , networks o perate on a best-ef fort deli v ery ba sis, which means that all traf f ic has equal priority and an equal chance of being deli vered in ...

  • Cisco Systems OL-29225-01 - page 327

    15-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 15 Configuring QoS Understanding QoS for Wireless LANs Regardless of the client support (or lack of supp ort) for WM M, Cisco access points support WMM and can be configured to pr ovide wireless QoS i n the downst ream directi on (from the AP to wa rd ...

  • Cisco Systems OL-29225-01 - page 328

    15-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 15 Configuring QoS Understanding QoS for Wireless LANs 2. QoS Element for W ir eless Phones sett ing—If you enable the QoS Element fo r W ireless Phon es setting, dynamic voice classifiers are created for ar e created for R TP-based traff ic, which a ...

  • Cisco Systems OL-29225-01 - page 329

    15-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 15 Configuring QoS Understanding QoS for Wireless LANs The access point uses WMM enhancements in packets sent to client devices that support WMM. The access point applies basic Q oS policies to pack ets sent to clients that do not support WMM. Use the ...

  • Cisco Systems OL-29225-01 - page 330

    15-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 15 Configuring QoS Configuring QoS Step 3 Enter the v alues for the follo wing: • Client-Rssi—Minimum Recei v e Signal Strength Indicator (RSSI) requi red for the client to be eligible for band select. The range is from 20 t o 90. • Cycle-Count? ...

  • Cisco Systems OL-29225-01 - page 331

    15-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 15 Configuring QoS Configuri ng QoS • QoS does not create additional band width for your wireless LAN ; it helps control the allocat ion of bandwidth. If y ou ha ve plenty o f bandwidth on your wireless LAN, you mi ght not need to conf igure QoS. • ...

  • Cisco Systems OL-29225-01 - page 332

    15-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 15 Configuring QoS Configuring QoS Note Y ou can also select tw o preconf igured QoS po lic ies: WMM and Spectralink. Wh en you select either of these, a set of default classifications are automatically populated in the Classification fie l d . Step 4 ...

  • Cisco Systems OL-29225-01 - page 333

    15-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 15 Configuring QoS Configuri ng QoS • Assured Forw arding — Class 3 Medium • Assured Forw arding — Class 3 Hig h • Assured Forw arding — Class 4 Lo w • Assured Forw arding — Class 4 Medium • Assured Forw arding — Class 4 Hig h • C ...

  • Cisco Systems OL-29225-01 - page 334

    15-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 15 Configuring QoS Configuring QoS Step 16 Us e the Apply Policies to Interface/VLANs drop-down lis ts to apply polici es to the access point Ethernet and radio ports. If VLA Ns are confi gured on the access point , drop-do wn list s for each VLANs’ ...

  • Cisco Systems OL-29225-01 - page 335

    15-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 15 Configuring QoS Configuri ng QoS IGMP Snooping When Internet Group Membership Prot ocol (IGMP ) snooping is enabl ed on a switch, the switch forwards multicast traf f ic only to those po rts where the switch regist ers that multicast tr af fi c as ...

  • Cisco Systems OL-29225-01 - page 336

    15-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 15 Configuring QoS Configuring QoS Rate Limiting Rate limiting pro vides control o v er the data traf f ic transmitted or recei ved on an interf ace.The Class-Based Policing feature performs the follo w ing functions: • Limits the input or output t ...

  • Cisco Systems OL-29225-01 - page 337

    15-13 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 15 Configuring QoS Configuri ng QoS Figur e 15-4 Radio Access Categ or ies Pag e W irel ess clients using TCLAS and TSPEC can request a class of serv ice through an ADDTS (add T raff ic Stream Request) sent to the access point be fore th e client init ...

  • Cisco Systems OL-29225-01 - page 338

    15-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 15 Configuring QoS Configuring QoS Optimized Voice Settings Using the Admi ssion Control check bo xes, you can cont rol client use of the acc ess categories. When you enable admission control for an acce ss category , clients associated to the access ...

  • Cisco Systems OL-29225-01 - page 339

    15-15 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 15 Configuring QoS Configuri ng QoS Follo w these steps to enable admission control on an SSID: Step 1 Open the SSID Manager page. Step 2 Select an SSID. Step 3 Under General Settings , select Enable in the Call Admission Contr ol fie l d . Troublesho ...

  • Cisco Systems OL-29225-01 - page 340

    15-16 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 15 Configuring QoS Configuring QoS – If Low Latency is selected, you can configure the amou nt of retries that the A P should u se before discarding the current pack et and sending the nex t one. For l ow latency traf f ic, skipping a packet is usua ...

  • Cisco Systems OL-29225-01 - page 341

    CH A P T E R 16-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 16 Configuring Filters This chapter describe s how to configure and manage MA C address, IP , and EtherT ype filters on the access point using the we b-bro wser interface. Th is chapter contains the follo wing sections: • Understanding Filters, ...

  • Cisco Systems OL-29225-01 - page 342

    16-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 16 Configuring Filters Understanding Filters Understanding Filters Protocol filters (IP protocol , IP port, and EtherT ype ) prev ent or allow the use of specific protocol s through the acc ess point’ s Ethernet and rad io ports. Y ou ca n set up ind ...

  • Cisco Systems OL-29225-01 - page 343

    16-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 16 Configuring Filters Configuring Filters Using the Web-Browser Interface Configuring Filters Using the Web-Browser Interface This section descri bes ho w to conf igure and enab le f ilters using the web-bro wser interface. Y ou complete two steps to ...

  • Cisco Systems OL-29225-01 - page 344

    16-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 16 Configuring Filters Configuring Filters Using the Web-Br owse r Interface Follo w this lin k path to reach the Address Filters page: 1. Click Services in the page na vigation bar . 2. In the Services page list, click Filters . 3. On the Apply Filter ...

  • Cisco Systems OL-29225-01 - page 345

    16-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 16 Configuring Filters Configuring Filters Using the Web-Browser Interface Figur e 16-2 Apply Filters P ag e Step 12 Select the filter number from o ne of the MA C drop-do wn lists. Y ou can apply the f ilter to either or bot h the Ethernet and radio p ...

  • Cisco Systems OL-29225-01 - page 346

    16-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 16 Configuring Filters Configuring Filters Using the Web-Br owse r Interface The follo wing example applies the MA C address access li st 701 created above to the Radio 0 interface, in the inbound direct ion. Ho we ver , no VLAN was creat ed on the int ...

  • Cisco Systems OL-29225-01 - page 347

    16-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 16 Configuring Filters Configuring Filters Using the Web-Browser Interface Step 3 Click Advanced Security to bro wse to the Adv anced Security: MA C Address Authentication page. Figure 16-4 sho ws the MA C Addre ss Authentication page. Figur e 16-4 Adv ...

  • Cisco Systems OL-29225-01 - page 348

    16-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 16 Configuring Filters Configuring Filters Using the Web-Br owse r Interface Step 1 Creating a MA C address access-list using the command ac cess-list number-700-799. Step 2 Use the global configuration command dott11 association mac-list list-number t ...

  • Cisco Systems OL-29225-01 - page 349

    16-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 16 Configuring Filters Configuring Filters Using the Web-Browser Interface Determining the source of MAC Authentication T o def ine the source of MA C address verif ication f or SSID MA C authenticat ion, go to Security > Advanced Security > MA C ...

  • Cisco Systems OL-29225-01 - page 350

    16-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 16 Configuring Filters Configuring Filters Using the Web-Br owse r Interface Using the AP internal RADIUS server for MAC address auth entication If you want t o use a list of MA C ad dresses defin ed in the AP internal RADIUS ser ver page, go t o Secu ...

  • Cisco Systems OL-29225-01 - page 351

    16-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 16 Configuring Filters Configuring Filters Using the Web-Browser Interface In the Corporate Servers secti on, you can add a ne w serv er for your AP . For this: Step 1 Enter the AP’ s IP addre ss in the Se rver fie l d Step 2 Enter the same Shared S ...

  • Cisco Systems OL-29225-01 - page 352

    16-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 16 Configuring Filters Configuring Filters Using the Web-Br owse r Interface Creating a Time-Based ACL T ime-based A C Ls are A CLs that can be enabled or disabled for a specific period of time. This capabili ty provid es robust ness and the flexib il ...

  • Cisco Systems OL-29225-01 - page 353

    16-13 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 16 Configuring Filters Configuring Filters Using the Web-Browser Interface ACL Logging A CL logging i s not supported on the bridging interf aces of AP platforms. When applied on brid ging interface, it wi ll work as if conf igured without “log” o ...

  • Cisco Systems OL-29225-01 - page 354

    16-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 16 Configuring Filters Configuring Filters Using the Web-Br owse r Interface Creating an IP Filter Follo w these steps to create an IP f ilter: Step 1 Follo w the l ink path to the IP Filters page. Step 2 If you are creating a new f ilter , make sure ...

  • Cisco Systems OL-29225-01 - page 355

    16-15 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 16 Configuring Filters Configuring Filters Using the Web-Browser Interface Step 15 When the filter is complete, click A pply . The f ilter is sav ed on the access poin t, but it is not enabled un til you apply it on the Appl y Filters pa ge. Step 16 C ...

  • Cisco Systems OL-29225-01 - page 356

    16-16 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 16 Configuring Filters Configuring Filters Using the Web-Br owse r Interface Figur e 16-8 EtherT ype Filters P age Follo w th is link path to reach the EtherT ype Filters page: 1. Click Services in the page na vigation bar . 2. In the Services page li ...

  • Cisco Systems OL-29225-01 - page 357

    16-17 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 16 Configuring Filters Configuring Filters Using the Web-Browser Interface Step 8 Select For w a r d A l l or Block All fro m the Defaul t Action menu. Th e filt er’ s default action must b e the opposite of the actio n for at least one of th e Ethe ...

  • Cisco Systems OL-29225-01 - page 358

    16-18 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 16 Configuring Filters Configuring Filters Using the Web-Br owse r Interface ...

  • Cisco Systems OL-29225-01 - page 359

    CH A P T E R 17-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 17 Configuring CDP This chapter describes ho w to conf igure Cisco D iscov ery Protocol (CDP) on you r access point. Note For complete syntax and usage in formation for the co mmands used in this chapter, refer to the Cisco Air onet IOS Command Re ...

  • Cisco Systems OL-29225-01 - page 360

    17-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 17 Configur ing CDP Understanding CDP Understanding CDP Cisco Discov ery Protoc ol (CDP) is a de vice-disco v ery pro tocol that runs on all Cisco networ k equipment. Each de vice sends identi fying messages to a multicast address, and e ach de vice mo ...

  • Cisco Systems OL-29225-01 - page 361

    17-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 17 Configuring CDP Configuring CDP Use the no form of the CDP commands to return to the def ault settings. This exampl e sho ws ho w to conf igur e and v erify CDP characteristics: AP# configure terminal AP(config)# cdp holdtime 120 AP(config)# cdp tim ...

  • Cisco Systems OL-29225-01 - page 362

    17-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 17 Configur ing CDP Configuring CDP This e xample sho ws how to enable CD P . AP# configure terminal AP(config)# cdp run AP(config)# end Disabling and Enabling CDP on an Interface CDP is enabled by def ault on all supported in terfaces to send and r ec ...

  • Cisco Systems OL-29225-01 - page 363

    17-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 17 Configuring CDP Monitori ng and Maintaining CDP Monitoring and Maintaining CDP T o monitor and mai ntain CDP on your de vice, perform o ne or more of these tasks, be ginning in pri vile ged EXEC mode. Belo w are si x exampl es of output from t he CD ...

  • Cisco Systems OL-29225-01 - page 364

    17-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 17 Configur ing CDP Monitoring and Maintaining CDP Protocol Hello: OUI=0x00000C, Protocol ID=0x0112; payload len=27, value=0000000 0FFFFFFFF010221FF00000000000000024B293A00FF0000 VTP Management Domain: '' Duplex: full ------------------------ ...

  • Cisco Systems OL-29225-01 - page 365

    17-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 17 Configuring CDP Enabling CDP Logging GigabitEthernet0/8 is up, line protocol is down Encapsulation ARPA Sending CDP packets every 60 seconds Holdtime is 180 seconds AP# show cdp neighbor Capability Codes: R - Router, T - Trans Bridge, B - Source Rou ...

  • Cisco Systems OL-29225-01 - page 366

    17-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 17 Configur ing CDP Enabling CDP Logging ...

  • Cisco Systems OL-29225-01 - page 367

    CH A P T E R 18-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 18 Configuring SNMP This chapter describe s how to configure the Simple Network Managemen t Protocol (SNM P) on your access point. Note For complete syntax and usage info rmation for th e commands used i n this chapter , refer to the Cisco IOS Com ...

  • Cisco Systems OL-29225-01 - page 368

    18-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 18 Configu ring SNMP Understanding SNMP Understanding SNMP SNMP is an appli cation-layer protocol that p r ovides a message format for communication between SNMP manage rs and agents. The SN MP manager ca n be part of a net work management system (NMS) ...

  • Cisco Systems OL-29225-01 - page 369

    18-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 18 Configuring SNMP Understanding SNMP T able 18-1 lists the SNMP ve rsions and security le vels supported on access points. SNMP Manager Functions The SNMP manager uses information in the MIB to perform the oper ations described in T able 18-2 . T abl ...

  • Cisco Systems OL-29225-01 - page 370

    18-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 18 Configu ring SNMP Understanding SNMP SNMP Agent Functions The SNMP agent responds to SNMP manager request s as follo ws: • Get a MIB variable—The SNM P agent b egins this func tion in r esponse to a request f rom the NMS. The agent retriev es th ...

  • Cisco Systems OL-29225-01 - page 371

    18-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 18 Configuring SNMP Configuring SNMP Figur e 18-1 SNMP Networ k For information on supported MIBs and ho w to access them, see Appendix B, “Supported MIBs. ” Configuring SNMP This section descri bes ho w to conf igure SNMP on your access point. I t ...

  • Cisco Systems OL-29225-01 - page 372

    18-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 18 Configu ring SNMP Configuring SNMP Enabling the SNMP Agent No specif ic CLI command exists to enable SNMP . The first snmp-serv er global conf iguration co mmand that you enter enab les the supported v ersions of SNMP . Y o u can also enable SNMP on ...

  • Cisco Systems OL-29225-01 - page 373

    18-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 18 Configuring SNMP Configuring SNMP Beginni ng in pri vile ged EXEC mode, follo w these steps t o config ure a community string on th e access point: Command Purpose Step 1 configure t erminal Enter global co nfiguration mode. Step 2 s nmp-server comm ...

  • Cisco Systems OL-29225-01 - page 374

    18-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 18 Configu ring SNMP Configuring SNMP T o disable access fo r an SNMP community , set the community st ring for that commun ity to the null string (do not enter a v alue for th e community string). T o remov e a specif ic community string, use th e no ...

  • Cisco Systems OL-29225-01 - page 375

    18-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 18 Configuring SNMP Configuring SNMP Access points running this Cisco IOS release can have an unli mited number of trap managers. Community strings can be an y length. T able 18-4 describes the supported access point tr aps (notif ication types). Y ou ...

  • Cisco Systems OL-29225-01 - page 376

    18-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 18 Configu ring SNMP Configuring SNMP T o remove the specified host from re ceiving traps, use th e no snmp-server host host global confi guration command. T o disable a specif ic trap type, use the no snmp-server enable traps notif ication-t ypes glo ...

  • Cisco Systems OL-29225-01 - page 377

    18-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 18 Configuring SNMP Configuring SNMP Using the snmp-server view Command In global conf iguration mod e, use the snmp-server view command to access Stan dard IEEE 802.11 MIB objects through IEEE view and the dot11 read-write community string. This exam ...

  • Cisco Systems OL-29225-01 - page 378

    18-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 18 Configu ring SNMP Displaying SNMP Status This example sho ws how to allo w read-only access for all objects to members of access list 4 that use the comacces s community string. No other SNMP managers ha v e access to any o bjects. SNMP Authenticat ...

  • Cisco Systems OL-29225-01 - page 379

    CH A P T E R 19-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 19 Configuring Repeater and Standby Access Points and Workgroup Bridge Mode This chapter describes how to conf ig ure your a ccess point as a repeater , as a hot standby unit, or as a workgroup bridge. This chapter co ntains the following sections ...

  • Cisco Systems OL-29225-01 - page 380

    19-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 19 Configurin g Repeater and Stan dby Access Points and Workgroup Br idge Mode Understanding Repeater Ac cess Points Understanding Repeater Access Points A repeater access point is not connected to the wired LAN ; it is placed within radio range of an ...

  • Cisco Systems OL-29225-01 - page 381

    19-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 19 Configuring Repeater a nd Standby Access Po ints and Workgro up Bridge Mode Configuring a Repeater Access Point Figur e 19-1 Access P oint as a Repea ter Configuring a Repeater Access Point This section pro vides instruct ions for setting u p an acc ...

  • Cisco Systems OL-29225-01 - page 382

    19-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 19 Configurin g Repeater and Stan dby Access Points and Workgroup Br idge Mode Configuring a Re peater Access Point Default Configuration Access points are configured as root units by default. T able 19-1 sho ws the def ault v alues for settings that c ...

  • Cisco Systems OL-29225-01 - page 383

    19-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 19 Configuring Repeater a nd Standby Access Po ints and Workgro up Bridge Mode Configuring a Repeater Access Point Setting Up a Repeater Beginning in Pri vileged Exec mode, fol low th ese steps to conf igure an access point as a repeater: Command Purpo ...

  • Cisco Systems OL-29225-01 - page 384

    19-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 19 Configurin g Repeater and Stan dby Access Points and Workgroup Br idge Mode Aligning Antennas The follo wing example sho ws how to set up a repeat er access point with three potential parents, designated 1 t o 3: AP# configure terminal AP(config)# i ...

  • Cisco Systems OL-29225-01 - page 385

    19-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 19 Configuring Repeater a nd Standby Access Po ints and Workgro up Bridge Mode Aligning Antennas Use the show dot11 antenna-alignment command to list the MA C addre sses and signal lev el for the last 10 de vices that responded to the probe. Verifying ...

  • Cisco Systems OL-29225-01 - page 386

    19-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 19 Configurin g Repeater and Stan dby Access Points and Workgroup Br idge Mode Aligning Antennas Setting Up a Repeater As a EAP-FAST Client Y o u can set up a repeater access point to authenticat e t o your network like ot her wirele ss client devices. ...

  • Cisco Systems OL-29225-01 - page 387

    19-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 19 Configuring Repeater a nd Standby Access Po ints and Workgro up Bridge Mode Understanding Hot Standby Understanding Hot Standby Hot Standby mode designates an access point as a backup for another acces s point. The standby access point is placed nea ...

  • Cisco Systems OL-29225-01 - page 388

    19-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 19 Configurin g Repeater and Stan dby Access Points and Workgroup Br idge Mode Configuring a Hot Standby Access Point Note The MA C address of the moni tored access point might chan ge if a BSSID on the monitored unit is ad ded or deleted. If you use ...

  • Cisco Systems OL-29225-01 - page 389

    19-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 19 Configuring Repeater a nd Standby Access Po ints and Workgro up Bridge Mode Configuring a Hot Standby Access Po int Beginni ng in Pri vileg ed Exec mode , follow these st eps to enable hot standby mode on an access point: Command Purpose Step 1 con ...

  • Cisco Systems OL-29225-01 - page 390

    19-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 19 Configurin g Repeater and Stan dby Access Points and Workgroup Br idge Mode Configuring a Hot Standby Access Point After you enable standby mode, conf igure the settings that you recorded from the monitored access point to match on the standby acce ...

  • Cisco Systems OL-29225-01 - page 391

    19-13 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 19 Configuring Repeater a nd Standby Access Po ints and Workgro up Bridge Mode Understanding Workgroup Bridge Mode Use this command to check the stand by confi guration: show iapp standby-parms This command di splays the MAC address of the st andby ac ...

  • Cisco Systems OL-29225-01 - page 392

    19-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 19 Configurin g Repeater and Stan dby Access Points and Workgroup Br idge Mode Understanding Wo rkgroup Brid ge Mode Figure 19-2 sho ws an access point in workgroup br idge mode. Figur e 1 9-2 Access P oint in W or k gr oup Br idg e Mode Treating Work ...

  • Cisco Systems OL-29225-01 - page 393

    19-15 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 19 Configuring Repeater a nd Standby Access Po ints and Workgro up Bridge Mode Understanding Workgroup Bridge Mode bridges, t hat can as sociat e to an access point or bridge. T o increase beyond 20 the number of wo rkgroup bridges that can associate ...

  • Cisco Systems OL-29225-01 - page 394

    19-16 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 19 Configurin g Repeater and Stan dby Access Points and Workgroup Br idge Mode Understanding Wo rkgroup Brid ge Mode Y ou can also configure the p eriodicity of scans. When the con nection conditions deteriorate, th e workgroup b ridge scans for a bet ...

  • Cisco Systems OL-29225-01 - page 395

    19-17 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 19 Configuring Repeater a nd Standby Access Po ints and Workgro up Bridge Mode Workgroup Bridge VLAN Tagging Configuring a Client VLAN If the de vices connected to the w orkgroup br idge’ s Ethernet port should all b e assigned to a particular VLAN, ...

  • Cisco Systems OL-29225-01 - page 396

    19-18 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 19 Configurin g Repeater and Stan dby Access Points and Workgroup Br idge Mode Configuring Work group Bridge Mode Step 3 station-role w orkgroup-bri dge [universal m ac-addr ess ] Set the radio role to w orkgroup bridge. (Optional) When conf igured as ...

  • Cisco Systems OL-29225-01 - page 397

    19-19 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 19 Configuring Repeater a nd Standby Access Po ints and Workgro up Bridge Mode Configuring Workgroup Bridge Mode Step 6 infrastructure-ssid Designat e the SSID as a n infrastructur e SSID. Note The workgro up bridge must use an i nfrastructure SSID to ...

  • Cisco Systems OL-29225-01 - page 398

    19-20 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 19 Configurin g Repeater and Stan dby Access Points and Workgroup Br idge Mode Configuring Work group Bridge Mode This e xample sho ws ho w to configur e an access poin t as a w orkgroup bridge. In this example, the workgroup bri dge uses the conf igu ...

  • Cisco Systems OL-29225-01 - page 399

    19-21 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 19 Configuring Repeater a nd Standby Access Po ints and Workgro up Bridge Mode Using Workgroup Bridges in a Lightweight Environment This example sho ws ho w to set up a workgroup bridge with the parent access points, designated 1 and 2: AP(config-if)# ...

  • Cisco Systems OL-29225-01 - page 400

    19-22 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 19 Configurin g Repeater and Stan dby Access Points and Workgroup Br idge Mode Using Workgroup Bridge s in a Lightweight Environment Guidelines for Using Workgroup Br idges in a Lightweight Environment Follo w th ese guidelines for using w orkgroup br ...

  • Cisco Systems OL-29225-01 - page 401

    19-23 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 19 Configuring Repeater a nd Standby Access Po ints and Workgro up Bridge Mode Using Workgroup Bridges in a Lightweight Environment • When you delete a workgroup bridg e record from the controller , all of the workgroup bridge wired clients’ recor ...

  • Cisco Systems OL-29225-01 - page 402

    19-24 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 19 Configurin g Repeater and Stan dby Access Points and Workgroup Br idge Mode Using Workgroup Bridge s in a Lightweight Environment ...

  • Cisco Systems OL-29225-01 - page 403

    CH A P T E R 20-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 20 Managing Firmware and Configurations This chapter describ es how to manipulate the Flash fi le system, ho w to copy configuration f iles, and ho w to archiv e (upload and do wnload) software images. Note For complete syntax and usage info rmati ...

  • Cisco Systems OL-29225-01 - page 404

    20-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 20 Mana ging Firmware and Configurations Working with the Flash File System Displaying Available File Systems T o display t he av ailable f ile systems on your access point , use the show f ile systems pri vileged EXEC command as sho wn in this e xampl ...

  • Cisco Systems OL-29225-01 - page 405

    20-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 20 Managing Firmware and Configurations Working with the Flash File System Setting the Default File System Y ou can specify the file system or directory that the system uses as the default f ile system by using th e cd filesyst em: pri vile ged EXEC co ...

  • Cisco Systems OL-29225-01 - page 406

    20-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 20 Mana ging Firmware and Configurations Working with the Flash File System Displaying Information About Files on a File System Y ou can vie w a list o f the conte nts of a f il e system before manipulating its cont ents. For e xample, before copying a ...

  • Cisco Systems OL-29225-01 - page 407

    20-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 20 Managing Firmware and Configurations Working with the Flash File System T o delete a directory with all i ts files and subdi rectories, use the delete /force /r ecursive filesystem :/ file - ur l privileged EXEC command. Use the /recursiv e ke yword ...

  • Cisco Systems OL-29225-01 - page 408

    20-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 20 Mana ging Firmware and Configurations Working with the Flash File System Deleting Files When you no longer need a file on a Flash memory de vice, you can perman ently delete it. T o delete a file or directory from a speci fied Flash de vice, use the ...

  • Cisco Systems OL-29225-01 - page 409

    20-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 20 Managing Firmware and Configurations Working with the Flash File System Displaying the Contents of a tar File T o display t he contents of a tar f ile on the screen, use this pri vileged EXEC command: archiv e tar /table sour ce-url For sour ce-url ...

  • Cisco Systems OL-29225-01 - page 410

    20-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 20 Mana ging Firmware and Configurations Working with Configuration Files Extracting a tar File T o extract a tar file into a directo ry on the Flash file system, use this pr ivile ged EXEC com mand: archiv e tar /xtract sour ce-url flash:/ fil e - u r ...

  • Cisco Systems OL-29225-01 - page 411

    20-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 20 Managing Firmware and Configurations Working with Configuration File s Yo u c a n c o p y ( do wnload ) conf iguration f iles from a TFTP , FTP , or RCP server to the running configuration of the access point for v arious reasons: • T o restore a ...

  • Cisco Systems OL-29225-01 - page 412

    20-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 20 Mana ging Firmware and Configurations Working with Configuration Files config uration is used. Ho we ver , some commands in the existin g conf iguration migh t not be replaced or nega ted. In this case, the resulting conf iguration file is a mixt u ...

  • Cisco Systems OL-29225-01 - page 413

    20-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 20 Managing Firmware and Configurations Working with Configuration File s Preparing to Download or Upload a Configuration File by Using TFTP Before you be gin do wnloading or up loading a conf igurat ion f ile by using TFTP , perform these tasks: • ...

  • Cisco Systems OL-29225-01 - page 414

    20-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 20 Mana ging Firmware and Configurations Working with Configuration Files Use one of these privile ged EXEC commands: • copy system:running-config tftp : [[[ // location ] / dir ectory ] / filename ] • copy n vram:startup-conf ig tftp: [[[ // loca ...

  • Cisco Systems OL-29225-01 - page 415

    20-13 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 20 Managing Firmware and Configurations Working with Configuration File s Preparing to Download or Upload a Configuration File by Using FTP Before you be gin do wnloading o r uploading a conf igurat ion f ile by using FTP , perform these tasks: • En ...

  • Cisco Systems OL-29225-01 - page 416

    20-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 20 Mana ging Firmware and Configurations Working with Configuration Files Connected to 172.16.101.101 Loading 1112 byte file host1-confg:![OK] ap# %SYS-5-CONFIG: Configured from host1-config by ftp from 172.16.101.101 This exampl e sho ws how to speci ...

  • Cisco Systems OL-29225-01 - page 417

    20-15 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 20 Managing Firmware and Configurations Working with Configuration File s Building configuration...[OK] Connected to 172.16.101.101 ap# This example sh ow s how to store a startup conf iguration f ile on a serv er by using FTP to cop y the file: ap# c ...

  • Cisco Systems OL-29225-01 - page 418

    20-16 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 20 Mana ging Firmware and Configurations Working with Configuration Files Preparing to Download or Upload a Configuration File by Using RCP Before you be gin do wnloading o r uploading a conf igurat ion f ile by using RCP , perform these tasks: • En ...

  • Cisco Systems OL-29225-01 - page 419

    20-17 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 20 Managing Firmware and Configurations Working with Configuration File s This example sho ws ho w to cop y a conf iguration f ile named host1-confg from the netadmin1 directory on the remote se rver with an IP address of 172 .16.101.101 an d load and ...

  • Cisco Systems OL-29225-01 - page 420

    20-18 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 20 Mana ging Firmware and Configurations Working with Software Image s This exampl e sho ws how to copy the run ning conf iguration f ile named ap2-confg to the netadmin1 directory on the remote host with an IP address of 172.16.101.101: ap# copy syst ...

  • Cisco Systems OL-29225-01 - page 421

    20-19 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 20 Managing Firmware and Configurations Working with Software Images The protocol you use d epends on which type of serv er you are using. Th e FTP and RCP transport mechanisms provide faster performance and more reliable deli very of data than TFTP . ...

  • Cisco Systems OL-29225-01 - page 422

    20-20 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 20 Mana ging Firmware and Configurations Working with Software Image s The info.ver f ile is always at the end of the tar file and contains the same informatio n as the info f ile. Because it is the last f ile in the tar f ile, its e xistence means th ...

  • Cisco Systems OL-29225-01 - page 423

    20-21 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 20 Managing Firmware and Configurations Working with Software Images Note T o a void an unsuccessful do wnload, use the ar chi ve dow nload-sw /safe command, whi ch do wnloads the image fi rst and does not delete the current runnin g version un til th ...

  • Cisco Systems OL-29225-01 - page 424

    20-22 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 20 Mana ging Firmware and Configurations Working with Software Image s Note If the Flash de vice has suf f icient space to hold tw o images and you w ant to ov erwrite one of these images with the same versi on, you must specify the /ov erwrite optio ...

  • Cisco Systems OL-29225-01 - page 425

    20-23 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 20 Managing Firmware and Configurations Working with Software Images Y o u do wnload an access point image file from a se rver to upgrade the access point software. Y ou can ov erwrite th e current i mage with th e ne w one or k eep the current image ...

  • Cisco Systems OL-29225-01 - page 426

    20-24 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 20 Mana ging Firmware and Configurations Working with Software Image s config uration command. This ne w name wil l be used during all archi v e operations. The ne w username is stored in NVR AM. If you are acce ssing the access point through a T elne ...

  • Cisco Systems OL-29225-01 - page 427

    20-25 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 20 Managing Firmware and Configurations Working with Software Images Note T o a void an unsuccessful do wnload, use the ar chi ve dow nload-sw /safe command, whi ch do wnloads the image fi rst and does not delete the current runnin g version un til th ...

  • Cisco Systems OL-29225-01 - page 428

    20-26 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 20 Mana ging Firmware and Configurations Working with Software Image s If you specify the /lea ve-old-sw , the existing f iles are not remo v ed. If there is not enough space to instal l the ne w image and k eep the r unning image, the do wn load proc ...

  • Cisco Systems OL-29225-01 - page 429

    20-27 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 20 Managing Firmware and Configurations Working with Software Images The archiv e upload-sw command b uilds an image f ile on the serv er by uploading th ese fi les in order: info, the Cisco IOS image, th e HTML files, and i nfo.ver . After these f il ...

  • Cisco Systems OL-29225-01 - page 430

    20-28 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 20 Mana ging Firmware and Configurations Working with Software Image s RCP requires a client to send a remote usern ame on each RCP request to a server . When you cop y an image from the access point to a server by using RCP , the Cisco IOS software s ...

  • Cisco Systems OL-29225-01 - page 431

    20-29 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 20 Managing Firmware and Configurations Working with Software Images Downloading an Image File by Using RCP Y o u can download a ne w image f ile an d replace or keep the cu rrent image. Caution For the do wnload and upload algo rithms to op erat e pr ...

  • Cisco Systems OL-29225-01 - page 432

    20-30 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 20 Mana ging Firmware and Configurations Working with Software Image s Note T o a void an unsuccessful do wnload, use the ar chi ve dow nload-sw /safe command, whi ch do wnloads the image fi rst and does not delete the current runnin g version un til ...

  • Cisco Systems OL-29225-01 - page 433

    20-31 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 20 Managing Firmware and Configurations Working with Software Images Note If the Flash de vice has suf f icient space to hold tw o images and you w ant to ov erwrite one of these images with the same versi on, you must specify the /ov erwrite optio n. ...

  • Cisco Systems OL-29225-01 - page 434

    20-32 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 20 Mana ging Firmware and Configurations Working with Software Image s The archi ve upload-sw pri vile ged EXEC command buil ds an image f ile on the serv er by uploading these files in order: info, the Cisco IOS i mage, the HTML files, and info.ver . ...

  • Cisco Systems OL-29225-01 - page 435

    20-33 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 20 Managing Firmware and Configurations Working with Software Images Browser TFTP Interface The TFTP interface allo ws you to use a TFTP se rver on a network de vice to load the access point image file. F ollo w the instruct ions belo w to use a TFTP ...

  • Cisco Systems OL-29225-01 - page 436

    20-34 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 20 Mana ging Firmware and Configurations Working with Software Image s ...

  • Cisco Systems OL-29225-01 - page 437

    CH A P T E R 21-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 21 Configuring L2TPv3 Over UDP/IP Layer 2 T unneling Protocol (L2TPv3), is a tunneling protocol that enables tunnel ing of Layer 2 packets ov er IP core networks. L2TPv3 tunnel is a cont rol connection between th e end points. One L2TPv3 tu nnel c ...

  • Cisco Systems OL-29225-01 - page 438

    21-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 21 Config uring L2T Pv3 Over UDP/IP Configuring L2TP Class Note The bridge id on interfaces wi th same vlan id must be the same. The follo wing are not suppo rted: • T unnel establishment using IPv6 ad dress • SNMP and GUI conf iguration • Multip ...

  • Cisco Systems OL-29225-01 - page 439

    21-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 21 Configuring L2TPv3 Over UDP/IP Configuring Pseudow ire Class Note Multiple l2tp classes can be configured. Examples ap1# configure terminal ap1(config)# l2tp-class myl2tpclass ap1(config-l2tp-class)# hostname myhost1 ap1(config-l2tp-class)# hello 15 ...

  • Cisco Systems OL-29225-01 - page 440

    21-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 21 Config uring L2T Pv3 Over UDP/IP Relationship betwee n L2TP Class and Pseudowire Cla ss Relationship between L2TP Class and Pseudowire Class Multiple pseudo wire classes can be conf igured. A ps eudowi re class can configured with an y one of the av ...

  • Cisco Systems OL-29225-01 - page 441

    21-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-29225-01 Chapter 21 Configuring L2TPv3 Over UDP/IP Mapping SSID to the T unnel/Xconnect This interface allo ws access to an AP through the tunnel. This interface is associated with a VDT interface with same inde x. T raffic fro m this interf ace is tunn eled though a t ...

  • Cisco Systems OL-29225-01 - page 442

    21-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-29225-01 Chapter 21 Config uring L2T Pv3 Over UDP/IP Configuring TCP mss adjust Configuring TCP mss adjust T o conf igure TCP mss adjust fo r tunnel clients u se the dot11 l2tp tcp mss tcp mss value command in the conf iguration mode. dot11 l2tp tcp mss tcp mss value E ...

  • Cisco Systems OL-29225-01 - page 443

    CH A P T E R 22-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 22 Configuring System Message Logging This chapter describes how to conf igure sy stem message logging on your acces s point. Note For complete syntax and usage info rmation for th e commands used i n this chapter , refer to the Cisco IOS Confi gu ...

  • Cisco Systems OL-29225-01 - page 444

    22-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 22 Config uri ng System Message Logg ing Understanding System Message Lo gging Understanding System Message Logging By default, access points send the outpu t from system messages and deb ug pri vile ged EXEC commands to a logging process. The l ogging ...

  • Cisco Systems OL-29225-01 - page 445

    22-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 22 Configuring System Message Logging Configuring System Message Lo gging This example show s a partial access point system message : *Mar 1 00:00:29.219: %LINK-6-UPDOWN: Interface GigabitEthernet0, changed state to up *Mar 1 00:00:29.335: Starting Eth ...

  • Cisco Systems OL-29225-01 - page 446

    22-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 22 Config uri ng System Message Logg ing Configuring System Message Logging Disabling and Enabling Message Logging Message logging is enabled by default. It must be en abled to send messages to any d estination other than the console. When enabled, log ...

  • Cisco Systems OL-29225-01 - page 447

    22-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 22 Configuring System Message Logging Configuring System Message Lo gging Setting the Message Display Destination Device If message logging is en abled, you ca n send messages to specific locati ons in addition to the cons ole. Beginni ng in pri vile g ...

  • Cisco Systems OL-29225-01 - page 448

    22-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 22 Config uri ng System Message Logg ing Configuring System Message Logging Enabling and Disabling Timestamps on Log Messages By default, log messag es are not timestamped. Beginni ng in pri vile ged EXEC mode, follo w these steps to enable ti mestampi ...

  • Cisco Systems OL-29225-01 - page 449

    22-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 22 Configuring System Message Logging Configuring System Message Lo gging T o disable sequence numbers, use the no service sequence-numbers global confi guration command. This example sh ow s part of a logging display with sequenc e numbers enabled: 00 ...

  • Cisco Systems OL-29225-01 - page 450

    22-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 22 Config uri ng System Message Logg ing Configuring System Message Logging T able 22-3 describes the level keyw ords. It also lists the co rresponding sy slog definitions from the mos t sev ere lev el to the leas t sev ere level. The software generate ...

  • Cisco Systems OL-29225-01 - page 451

    22-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 22 Configuring System Message Logging Configuring System Message Lo gging Beginni ng in pri vile ged EXEC mode, follo w these steps to change the l e vel and h istory table size defaults: When the history table is fu ll (it contains the maximum number ...

  • Cisco Systems OL-29225-01 - page 452

    22-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 22 Config uri ng System Message Logg ing Configuring System Message Logging Configuring the System Logging Facility When sending system log messages to an e xternal de vi ce, you can cause the access point to identify its messages as originating from ...

  • Cisco Systems OL-29225-01 - page 453

    22-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 22 Configuring System Message Logging Displaying the Logging Co nfiguration Displaying the Logging Configuration T o display t he current logging con fi guration and t he contents of the lo g buf fer , use the show logg ing pri vileged EXEC co mmand. ...

  • Cisco Systems OL-29225-01 - page 454

    22-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 22 Config uri ng System Message Logg ing Displaying the Logging Configuration ...

  • Cisco Systems OL-29225-01 - page 455

    CH A P T E R 23-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 23 Troubleshooting This chapter pro vides trou bleshooting procedures for b asic problems with the wirel ess dev ice. For the most up-to-date, detail ed troubleshooting i nformation, refer to the Cisco T A C website at the foll owing URL (select T ...

  • Cisco Systems OL-29225-01 - page 456

    23-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 23 Troublesho oting Checking the LED Indica tors Checking the LED Indicators If your wireless de vice is not communicating, fir st check the LED indicators on th e de vice to quickly assess the device’ s status. The LED indicator setup is not the sam ...

  • Cisco Systems OL-29225-01 - page 457

    23-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 23 Troubleshooting Checking Basic Setting s Note An 802.3af compliant switch (Cisco or no n-Cisco) is capable of supply ing suf f icient po wer for full operation. Note When an AP 2700 or AP 370 0 is running in lo w po wer mode with Po E 802.3af po wer ...

  • Cisco Systems OL-29225-01 - page 458

    23-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 23 Troublesho oting Resetting to the Defa ult Conf iguration SSID CONFIG W ARNING: [SSID]: If radio client s are using EAP-F AST , A UTH OPEN with EAP should also be configured. If you are using the GUI, this warning message appears: WA R N I N G : “ ...

  • Cisco Systems OL-29225-01 - page 459

    23-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 23 Troubleshooting Resetting to the Default Configuration Using the Web Browser Interface Follo w th ese steps to delete the current con figurati on and return al l wireless de vice settings to the f actory defaults usin g the web bro wser interface: S ...

  • Cisco Systems OL-29225-01 - page 460

    23-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 23 Troublesho oting Reloading the A ccess Point Image ...done initializing Flash. Step 5 Use the dir flash: command to display the contents of Flash and f ind the conf ig.txt conf iguration file. ap: dir flash: Directory of flash:/ 3 .rwx 223 <date& ...

  • Cisco Systems OL-29225-01 - page 461

    23-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 23 Troubleshooting Reloading the Access Point Image Using the MODE button Y ou can use the MODE but ton on all access points t o reload the access point image f ile from an activ e T ri vial File T ransfer Protocol (TFTP) server on your netw ork or on ...

  • Cisco Systems OL-29225-01 - page 462

    23-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 23 Troublesho oting Reloading the A ccess Point Image Browser HTTP Interface The HTTP interface enables you to bro wse to the wireless de vice image f ile on your PC an d do wnload the image to the wireless de vice. Follo w the instructions belo w to u ...

  • Cisco Systems OL-29225-01 - page 463

    23-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 23 Troubleshooting Reloading the Access Point Image Using the CLI Follo w the steps b elo w to reload the wireless d e vice image using the CLI. When the wireless de vice begins to boot, you interrupt the bo ot process and use boot loader comm ands to ...

  • Cisco Systems OL-29225-01 - page 464

    23-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 23 Troublesho oting Reloading the A ccess Point Image Step 7 When the display becomes full, the CLI pauses an d displays --MORE-- . Press the spacebar to continue. extracting info (286 bytes) ap3g2-k9w7-mx.152-4.JB5/ (directory) ap3g2-k9w7-mx.152-4.JB ...

  • Cisco Systems OL-29225-01 - page 465

    23-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 23 Troubleshooting Image Recovery on the 1520 Access Point IP_ADDR=192.168.133.160 NETMASK=255.255.255.0 Step 10 Enter the boot command to reboot the w ireless device. When the wireless de vice reboots, it loads the new image. ap: boot Obtaining the A ...

  • Cisco Systems OL-29225-01 - page 466

    23-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 23 Troublesho oting Image Recovery on the 1520 Access Point T o perform image reco very on the 1520 access point, follo w these st eps: Step 1 W ith the access point powered of f, connect an RJ45 consol e cable to the console port (). The console port ...

  • Cisco Systems OL-29225-01 - page 467

    23-13 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-30644-01 Chapter 23 Troubleshooting Image Recovery on the 1520 Access Point Note If the ENABLE_BREAK=no envir onmental variab le is set, you will not be able to escape to the bootloader . Step 5 Cable the 1520 access point’ s LAN port (“PoE In”) to a TFTP server ...

  • Cisco Systems OL-29225-01 - page 468

    23-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Chapter 23 Troublesho oting Image Recovery on the 1520 Access Point ...

  • Cisco Systems OL-29225-01 - page 469

    A-1 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-30644-01 APPENDIX A Protocol Filters The tables in this appendix list some of the prot ocol s that you can f ilter on th e access point. The tables include: • T able A-1, EtherT ype Protocols • T able A-2, IP Protocol s • T able A-3, IP Port Prot ocols In each table ...

  • Cisco Systems OL-29225-01 - page 470

    A-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Appendix A Protocol Filters T able A -1 Ether T ype Prot ocols Protocol Additional Identifier ISO Designator ARP — 0x0806 RARP — 0x8035 IP — 0x0800 Berkele y T railer Ne gotiation — 0x1000 LAN T est — 0x0708 X.25 Le vel3 X.25 0x0805 Ban yan — 0x0B A ...

  • Cisco Systems OL-29225-01 - page 471

    A-3 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-30644-01 Appendix A Protocol Filters T able A -2 IP Protocols Protocol Additional Identifier ISO Designator dummy — 0 Internet Control Message Protocol ICMP 1 Internet Group Management Prot ocol IGMP 2 T ransmission Control Protocol TCP 6 Exterior Gate way Prot ocol EG ...

  • Cisco Systems OL-29225-01 - page 472

    A-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Appendix A Protocol Filters T able A -3 IP P or t Pr ot ocols Protocol Additional Identifier ISO Designator TCP port service multiple x er tcpmux 1 echo — 7 discard (9) — 9 systat (11) — 11 daytime (13) — 13 netstat (15) — 15 Quote of the Day qotd quo ...

  • Cisco Systems OL-29225-01 - page 473

    A-5 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-30644-01 Appendix A Protocol Filters TSAP iso-tsap 102 CSO Name Serv er cso-ns csnet-ns 105 Remote T elnet rtelnet 107 Postoff ice v2 POP2 POP v2 109 Postoff ice v3 POP3 POP v3 110 Sun RPC sunrpc 111 tap ident authentication auth 113 sftp — 115 uucp-path — 117 Networ ...

  • Cisco Systems OL-29225-01 - page 474

    A-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Appendix A Protocol Filters SNMP Unix Multiple xer s mux 199 AppleT alk Routing at-rtmp 201 AppleT alk name binding at-nbp 202 AppleT alk echo at-e cho 204 AppleT alk Zone Information at-zis 206 NISO Z39.50 da tabase z3950 210 IPX — 213 Interactiv e Mail Acce ...

  • Cisco Systems OL-29225-01 - page 475

    B-1 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-30644-01 APPENDIX B Supported MIBs This appendi x lists the Simple Network Manag ement Protocol (SNMP) Management Information Bases (MIBs) that the access point su pports for this soft w are release. The Cisco IOS SNMP agent supports SNMPv1, SNMPv2, and SNMPv3. This ap pe ...

  • Cisco Systems OL-29225-01 - page 476

    B-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Appendix B Supported MIBs Using FTP to Acce ss the MIB Files • CISCO-MEMOR Y -POOL-MIB • CISCO-PR OCESS-MIB • CISCO-PR ODUCTS-MIB • CISCO-SMI-MIB • CISCO-TC-MIB • CISCO-SYSLOG-MIB • CISCO-WDS-INFO-MIB • ENTITY -MIB • IF-MIB • OLD-CISCO-CHASS ...

  • Cisco Systems OL-29225-01 - page 477

    C-1 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-30644-01 APPENDIX C Error and Event Messages This appendix lists t he CLI error and e vent message s. The appendix contains the follo wing sections: • Con v entions, page C-2 • Software Auto Upgrade Message s, page C-3 • Association Man agement Messages, page C-5 ? ...

  • Cisco Systems OL-29225-01 - page 478

    C-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Appendix C Error and Event Messag es Conventions Conventions System error messages are displa yed in the fo rmat shown in Ta b l e C - 1 . T able C-1 System Er ror Messag e F or mat Message Component Description Example Error identif ier A string cate gorizing ...

  • Cisco Systems OL-29225-01 - page 479

    C-3 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-30644-01 Appendix C Error and Event Messages Software Auto Upgrade Message s Software Auto Upgrade Messages Error Message SW-AUTO-UPGRADE-2-FATAL_FAILURE: “At tempt to upgrade softw are failed, software on flash may be deleted. Pl ease copy software into flash. Explana ...

  • Cisco Systems OL-29225-01 - page 480

    C-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Appendix C Error and Event Messag es Software Auto Upgrade Messages Error Message AUTO-INSTALL-4-IP_ADDRESS_DH CP: “The radio is operating in automati c install mode and has set ip address dhcp.” Explanation The radio is oper ating in au tomatic inst all m ...

  • Cisco Systems OL-29225-01 - page 481

    C-5 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-30644-01 Appendix C Error and Event Messages Association Management Message s Association Management Messages Error Message DOT11-3-BADSTATE: “%s %s -> %s.” Explanation 802 .11 associatio n and managem ent uses a ta ble-dri v en stat e machin e to k eep track and ...

  • Cisco Systems OL-29225-01 - page 482

    C-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Appendix C Error and Event Messag es Unzip Mess ages Error Message DOT11-4-DIVER_USED: Interf ace $s, Mcs rates 8-15 disabled due to only one transmit or recieve antenna enab led Explanation These rates require that at lea st 2 rece iv e and transmit antennas b ...

  • Cisco Systems OL-29225-01 - page 483

    C-7 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-30644-01 Appendix C Error and Event Messages System Log Messages System Log Messages Error Message %DOT11-4-LOADING_RADIO: Interface [ chars], loading the radio firmware ([chars]) Explanation The radio has been stopped to load ne w f irmware. Recommended Action None. Err ...

  • Cisco Systems OL-29225-01 - page 484

    C-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Appendix C Error and Event Messag es 802.11 Subsystem Messages 802.11 Subsystem Messages Error Message DOT11-6-FREQ_USED: “Interfa ce %s, frequency %d selected.” Explanation After scanning for an unused frequency , th e indicated interface selected the disp ...

  • Cisco Systems OL-29225-01 - page 485

    C-9 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-30644-01 Appendix C Error and Event Messages 802.11 Subsystem Messages Error Message DOT11-3-TX_PWR_OUT_OF_RANGE : “Interface %s Radio transmit power out of range.” Explanation The transmitter po wer le vel is o utside the normal range on the indicated radio interf a ...

  • Cisco Systems OL-29225-01 - page 486

    C-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Appendix C Error and Event Messag es 802.11 Subsystem Messages Error Message DOT11-6-DFS_SCAN_START: “DF S: Scanning frequency %d MHz for %d seconds.” Explanation The device has be gun its DFS scanning process. Recommended Action None. Error Message DOT11- ...

  • Cisco Systems OL-29225-01 - page 487

    C-11 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-30644-01 Appendix C Error and Event Messages 802.11 Subsystem Messages Error Message DOT114-NO_MBSSID_BACKUP_VLA N: “Backup VLANs cannot be configured if MBSSID is not enabled. %s not starte d. Explanation T o enable a backup VLAN, MBSSID mode should be conf igured. R ...

  • Cisco Systems OL-29225-01 - page 488

    C-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Appendix C Error and Event Messag es 802.11 Subsystem Messages Error Message DOT11-2-UPLINK_FAILED: “Upl ink to parent failed: %s.” Explanation The connection to the parent access point f ailed for the di splayed reason. The uplink will stop its connection ...

  • Cisco Systems OL-29225-01 - page 489

    C-13 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-30644-01 Appendix C Error and Event Messages 802.11 Subsystem Messages Error Message DOT11-4-MAXRETRIES: “Packet to client %e reached max retries, removing the client.” Explanation The maximum packet send retry limit has been reached and th e client is being re mov ...

  • Cisco Systems OL-29225-01 - page 490

    C-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Appendix C Error and Event Messag es 802.11 Subsystem Messages Error Message DOT11-4-RADIO_NO_FREQ: “Int erface &s, all frequencies have been blocked, interface not started.” Explanation The frequencies set for operatio n are in v alid an d a channel s ...

  • Cisco Systems OL-29225-01 - page 491

    C-15 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-30644-01 Appendix C Error and Event Messages 802.11 Subsystem Messages Error Message DOT11-4-FLASHING_RADIO: “Interfa ce %s, flashing radio firmware (%s).” Explanation The indic ated interface radio has been stop ped to loa d the indicated new f irmware. Recommended ...

  • Cisco Systems OL-29225-01 - page 492

    C-16 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Appendix C Error and Event Messag es 802.11 Subsystem Messages Error Message DOT11-4-UPLINK_LINK_DOWN: “ Interface %s, parent lost: %s.” Explanation The connection to the parent access point on the indicated interf ace was lost for the reason indicated. Th ...

  • Cisco Systems OL-29225-01 - page 493

    C-17 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-30644-01 Appendix C Error and Event Messages 802.11 Subsystem Messages Error Message DOT11-6-ANTENNA_GAIN: “Inte rface %s, antenna position/gain changed, adjusting transmitter power.” Explanation The antenna gain has changed so the list of allo wed po wer leve ls mu ...

  • Cisco Systems OL-29225-01 - page 494

    C-18 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Appendix C Error and Event Messag es 802.11 Subsystem Messages Error Message DOT11-4-CKIP_MIC_FAILURE: “CKIP MIC failure was detect ed on a packet (Digest 0x%x) received from %e).” Explanation CKIP MIC failure was detected on a frame. A failure of the CKIP ...

  • Cisco Systems OL-29225-01 - page 495

    C-19 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-30644-01 Appendix C Error and Event Messages 802.11 Subsystem Messages Error Message DOT11-4-TKIP_REPLAY: “TKIP TSC replay was detected on a packet (TSC 0x%ssx received from %e).” Explanation TKIP TSC re play was detected on a frame. A replay of the TKIP TSC in a re ...

  • Cisco Systems OL-29225-01 - page 496

    C-20 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Appendix C Error and Event Messag es 802.11 Subsystem Messages Error Message SOAP_FIPS-2-INIT_FAILURE: “ SOAP FIPS initialization failure: %s.” Explanation SOAP FIPS i nitialization fa ilure. Recommended Action None. Error Message SOAP_FIPS-4-PROC_FAILURE: ...

  • Cisco Systems OL-29225-01 - page 497

    C-21 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-30644-01 Appendix C Error and Event Messages Inter-Access Point Protocol Messages Error Message DOT11-6-MCAST_DISCARD: “%s mode multicast packets are discarded in %s multicast mode.” Explanation The access point conf igured as a workgrou p bridge and drops i nfrastr ...

  • Cisco Systems OL-29225-01 - page 498

    C-22 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Appendix C Error and Event Messag es Local Authenticator Messages Error Message RADSRV-4-NAS_KEYMIS: NAS sh ared key mismatch. Explanation The local RADIU S server recei ved an authen tication request but the message signature indicates that th e shared ke y t ...

  • Cisco Systems OL-29225-01 - page 499

    C-23 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-30644-01 Appendix C Error and Event Messages Local Authenticator Message s Error Message DPT1X-SHIM-4-PLUMB_KEY_ERR: “Unable to plumb keys - %s.” Explanation An unexpected error occu rred when the shim layer t ried to plumb the k eys. Recommended Action None. Error ...

  • Cisco Systems OL-29225-01 - page 500

    C-24 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Appendix C Error and Event Messag es WDS Messages WDS Messages Error Message WLCCP-WDS-6-REPEATER_STOP: WLCCP WDS on Repe ater unsupported, WDS is disabled. Explanation Repeater access points do not support WD S. Recommended Action None. Error Message WLCCP-WD ...

  • Cisco Systems OL-29225-01 - page 501

    C-25 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-30644-01 Appendix C Error and Event Messages Mini IOS Messages Error Message WLCCP-NM-6-WNM_LINK_UP: Lin k to WNM is up Explanation The network manager is no w responding to k eep-acti ve messages. Recommended Action None. Error Message WLCCP-NM-6-RESET: Resetting WLCCP ...

  • Cisco Systems OL-29225-01 - page 502

    C-26 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Appendix C Error and Event Messag es Access Point/Bridge Messages Access Point/Bridge Messages Error Message APBR-4-SEND_PCKT_FAILED: Failed to Send Packet on port ifDescr (error= errornum)errornum: status er ror number HASH(0x2096974) Explanation The access p ...

  • Cisco Systems OL-29225-01 - page 503

    C-27 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-30644-01 Appendix C Error and Event Messages LWAPP Error Messages LWAPP Error Messages Error Message LWAPP-3-CDP: Failure sendin g CDP Update to Controller. Reason “s” Explanation Could not send access point CDP update to controller Recommended Action None. Error Me ...

  • Cisco Systems OL-29225-01 - page 504

    C-28 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Appendix C Error and Event Messag es Sensor Messages Sensor Messages Error Message SENSOR-3-TEMP_CRITICAL: Sys tem sensor “d” has exceeded CRITCAL temperature thresholds Explanation One of the measured en vironmental test poin ts exceeds the e xtreme thres ...

  • Cisco Systems OL-29225-01 - page 505

    C-29 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-30644-01 Appendix C Error and Event Messages SNMP Error Messages Error Message SENSOR-3-VOLT_NORMAL: Syste m sensor “d”(“d”) is now operating under NORMAL voltage Explanation One of the measured en vironmental test points is u nder normal operating voltage. Reco ...

  • Cisco Systems OL-29225-01 - page 506

    C-30 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Appendix C Error and Event Messag es SSH Error Mess ages Error Message SNMP-4-NOENGINEIDV6: Remote snmpEngineID f or Unrecognized format ‘ %P’ not found when creating user: “s” Explanation An attempt to create a user failed.This is lik ely because the ...

  • Cisco Systems OL-29225-01 - page 507

    C-31 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-30644-01 Appendix C Error and Event Messages SSH Error Messages Error Message SSH-5-SSH_CLOSE: SSH Sessio n from “%s”(tty = “%d”) for user ’”%s”’ using crypto cipher ’”%s”’ closed Explanation The SSH Session closure information Recommended Action ...

  • Cisco Systems OL-29225-01 - page 508

    C-32 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 Appendix C Error and Event Messag es SSH Error Mess ages ...

  • Cisco Systems OL-29225-01 - page 509

    GL-1 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-30644-01 GLOSSARY 802.11 The IEEE standard that specifies carrier sense media access control and physical layer specif ications for 1- and 2- megabi t-per -second (Mbps) wireless LANs operating in the 2. 4-GHz band. 802.11a The IEEE standard that specifies carrier sense ...

  • Cisco Systems OL-29225-01 - page 510

    Glossary GL-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 beacon A wireless LAN pa cket that signals the a v ailability and presence of the wireless de vice. Beacon packets are sent by access points and base stations; howe ver , client radio ca rds send beaco ns when op erating in computer to computer (Ad Ho ...

  • Cisco Systems OL-29225-01 - page 511

    Glossar y GL-3 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-30644-01 dipole A ty pe of low-gain (2.2-dBi ) antenna consisting of tw o (often internal) elements. domain n ame The text name that refers to a gro uping of netwo rks or network resources based on org anization-type or geography; for e xample: name.com—comm ...

  • Cisco Systems OL-29225-01 - page 512

    Glossary GL-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 IP subnet mask The number used to identi fy the IP subnetwork, indicat ing whether the IP address can be recognized on the LAN or if it must be reached through a gate way . This number is expressed in a form simi lar to an IP address; for example: 255 ...

  • Cisco Systems OL-29225-01 - page 513

    Glossar y GL-5 Cisco IOS Software Configuration Gu ide for Cisco Aironet Access Points OL-30644-01 roaming A feature of some Access Points that a llows users to mo ve through a f acility while maintaining an unbrok en connection t o the LAN. RP-TNC A connector type unique to Cisco Aironet rad ios and antennas. P art 15.203 of the FCC rules co veri ...

  • Cisco Systems OL-29225-01 - page 514

    Glossary GL-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-30644-01 W WDS W ireless Domain Services (WDS). An access p oint pro viding WDS on your wireless LAN maintains a cache of credenti als for CCKM-capable client de vices on your wireless LAN. When a CCKM- capable client roam s from one a ccess point to another , ...

Produzent Cisco Systems Kategorie Film Camera

Dokumente, die wir vom Produzenten des Geräts Cisco Systems OL-29225-01 erhalten, können wir in mehrere Gruppen teilen. Unteranderem in:
- technische Zeichnungen Cisco Systems
- Bedienungsanleitungen OL-29225-01
- Produktkarten Cisco Systems
- Informationsbroschüren
- oder Energieetiketten Cisco Systems OL-29225-01
Jede von ihnen ist wichtig, jedoch finden wir die wichtigsten Informationen für den Nutzer des Geräts in der Bedienungsanleitung Cisco Systems OL-29225-01.

Die Dokumentengruppe, die als Bedienungsanleitungen bezeichnet wird, wird ebenfalls in detaillierte Arten geteilt, solche wie: Montageanleitungen Cisco Systems OL-29225-01, Wartungsanleitungen, Kurzanleitungen oder Benutzeranleitungen Cisco Systems OL-29225-01. Abhängig vom Bedarf, sollten Sie das Dokument finden, das Sie brauchen. In unserem Service können Sie sich die populärste Bedienungsanleitung des Produkts Cisco Systems OL-29225-01 ansehen.

Ähnliche Bedienungsanleitungen

Die komplette Bedienungsanleitung des Geräts Cisco Systems OL-29225-01, wie sollte sie aussehen?
Die Bedienungsanleitung, auch bezeichnet als Benutzerhandbuch, oder einfach nur „Anleitung”, ist ein technisches Dokument, das dem Benutzer bei der Nutzung von Cisco Systems OL-29225-01 hilfreich sein soll. Die Bedienungsanleitungen werden in der Regel von technischen Schriftstellern geschrieben, aber in einer Sprache, die für alle Nutzer von Cisco Systems OL-29225-01 verständlich ist.

Eine gänzliche Bedienungsanleitung von Cisco Systems sollte einige Grundelemente enthalten. Ein Teil von ihnen ist nicht so wichtig, wie z.B.: die Titelseite oder Autorenseiten. Die restlichen von ihnen jedoch, sollten Informationen liefern, die für den Nutzer von enormer Wichtigkeit sind.

1. Einführung und Hinweise, wie man sich in einer Bedienungsanleitung von Cisco Systems OL-29225-01 bewegt - Am Anfang jeder Bedienungsanleitung sollten wir Hinweise bezüglich der Nutzungsart eines bestimmten Ratgebers finden. In ihr sollten sich Informationen über die Lokalisierung des Inhaltsverzeichnisses von Cisco Systems OL-29225-01 befinden, FAQ oder über oft auftretende Probleme – also Stellen, die von den Benutzern in jeder Bedienungsanleitung am meisten gesucht werden
2. Inhaltsverzeichnis - Index aller Ratschläge bezüglich Cisco Systems OL-29225-01, die wir im aktuellen Dokument finden
3. Ratschläge zur Nutzung der Grundfunktionen des Geräts Cisco Systems OL-29225-01 - die uns die ersten Schritte während der Nutzung von Cisco Systems OL-29225-01 erleichtern sollten
4. Troubleshooting - geordneter Tätigkeitslauf, der uns bei der Diagnose und als nächstes bei der Lösung wichtiger Probleme mit Cisco Systems OL-29225-01 hilft
5. FAQ - häufig gestellte Fragen
6. Kontaktdaten Informationen darüber, wo man Kontakt zum Produzenten / Service von Cisco Systems OL-29225-01 im bestimmten Land suchen kann, wenn es nicht gelingt, das Problem selbst zu lösen.

Haben Sie eine Frage bezüglich Cisco Systems OL-29225-01?

Nutzen Sie das untere Formular

Wenn Sie mit Hilfe der gefundenen Bedienungsanleitung Ihr Problem mit Cisco Systems OL-29225-01 nicht gelöst haben, stellen Sie eine Frage, indem Sie das untere Formular nutzen. Wenn einer der Nutzer ein ähnliches Problem mit Cisco Systems OL-29225-01 hatte, ist es möglich, dass er mit Ihnen die Lösung teilen möchte.

Text vom Bild übertragen

Kommentare (0)