Cisco Systems AIRCAP2602IAK9 manual

Americas Hea dquarters Cisc o Syst ems , Inc . 170 West Ta sman Drive San Jos e, CA 95 134-1706 USA http://www.ci sco.com Tel: 408 526-4000 800 553- NETS (638 7) Fax: 408 527-0883 Cisco IOS S of tw a re Conf iguration Guide f or Cisco Air onet A ccess P oints Cisco IOS Releases 15.2(2)J A, 12.4(2 5 d ) JA, and 12.3(8)JEE August 20 12 Text Pa rt Num[...]

THE SPECIFICATIONS AND INFORMATION REGARDING TH E PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENT S, INFORMATI ON, AND RE COMMENDATIONS IN T HIS MA NUAL ARE BELI EVED TO BE A CCURATE BUT ARE P RESENTED WI THOUT WARRANTY OF ANY KIND, E XPRESS OR IMPLIED. USERS MUST TA KE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PR[...]

1 Cisco IOS Software Configuration Guide for Cisco Air onet Access Points OL-21881-03 CONTENTS Audienc e i-x ix Pur pose i-xx Organi zation i-xx Conv enti ons i-xxi Rela ted Publi cati ons i-xxiv Obtain ing Docu mentati on, Obt aining Su pport, an d Secur ity Guide lines i-xxiv CHAPTER 1 Overview 1- 1 Featur es 1-2 Featur es Int roduced i n This Re[...]

Cont ents 2 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Gettin g Help 3-3 Abbrevi ating Comma nds 3-3 Using no an d defau lt Form s of Commands 3-4 Underst andi ng CLI Message s 3-4 Using Comma nd History 3-4 Changin g the Comma nd Histor y Buffe r Size 3-5 Recall ing Commands 3-5 Disabl ing the Comman d Histo[...]

Content s 3 Cisco IOS Software Configuration Guide for Cisco Air onet Access Points OL-21881-03 Using th e Expre ss Securi ty Page 4-20 CLI C onfi gurat ion Exam ples 4-21 Config urin g System Po wer Setti ngs for 1040, 1130 , 1140, 124 0, 125 0, and 1260 Se ries Acces s Point s 4-26 Using th e AC Power Ada pter 4-2 6 Using a Swi tch Capa ble of IE[...]

Cont ents 4 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Defaul t TACACS+ Co nfigura tion 5-15 Config urin g TACACS+ Lo gin Authen ticati on 5-1 5 Config urin g TACACS+ Aut horiza tion for Privil eged EXEC Access and Net work Ser vices 5-17 Displa ying t he TACACS+ Conf igur ation 5-17 Config urin g Ethernet Sp[...]

Content s 5 Cisco IOS Software Configuration Guide for Cisco Air onet Access Points OL-21881-03 Defaul t Banner Configur ation 5-35 Config urin g a Message -of-the -Day Lo gin Banner 5-35 Config urin g a Login Bann er 5-37 Upgradi ng Auto nomous Cisc o Airon et Access Po ints to Lightwei ght Mode 5-37 Migrati ng to Japan W5 2 Domain 5-37 Verif ying[...]

Cont ents 6 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Config urin g Transmit and Recei ve Antenn as 6-26 Enabli ng and Di sablin g Gratuit ous Pro be Response 6-27 Disab ling an d Enab ling Ai rone t Ex tensi ons 6-28 Config urin g the Ether net Enc apsulat ion Tr ansformat ion Method 6-29 Enabli ng and Di s[...]

Content s 7 Cisco IOS Software Configuration Guide for Cisco Air onet Access Points OL-21881-03 CLI C onfi gurat ion Exam ple 7-10 Displa ying Co nfigur ed BSSIDs 7-10 Assigni ng IP Redi rect ion for an SS ID 7-11 Guid elines f or Usin g IP Redi recti on 7-12 Conf igurin g IP Redi rect ion 7-12 Includ ing an SSID in an SSI DL IE 7-13 NAC Supp ort f[...]

Cont ents 8 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Confi guri ng Ot her Acce ss P oint s to U se the Local Au thenti cato r 9-6 Config urin g EAP-FAST Set ting s 9-7 Config urin g PAC Settin gs 9-7 Config urin g an Authori ty ID 9-8 Config urin g Server Key s 9-8 Possib le PAC Fai lures Ca used by Access [...]

Content s 9 Cisco IOS Software Configuration Guide for Cisco Air onet Access Points OL-21881-03 Applyi ng an EAP Pr ofile t o the Fas t Etherne t Interf ace 11-18 Applyi ng an EAP Pr ofile t o an Uplink SSID 11 -19 Matchin g Acc ess Poi nt a nd Cli ent D evice Au thenti cati on Types 11-19 CHAPTER 12 Configur ing WDS, Fast Secur e Roaming, Radi o M[...]

Cont ents 10 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Config urin g Access Poi nts to Partici pate in WIDS 12-29 Config urin g the Access Point f or Scanner Mode 12-29 Config urin g the Access Point f or Monitor Mode 12-29 Displa ying Mon itor Mode St atisti cs 12-30 Config urin g Monito r Mode Limit s 12-3[...]

Content s 11 Cisco IOS Software Configuration Guide for Cisco Air onet Access Points OL-21881-03 CHAPTER 14 Configur ing V LANs 14-1 Underst anding VL ANs 14-2 Rel ated D ocu me nts 14-3 Incorp orat ing Wir eless Devi ces in to VLANs 14-4 Config urin g VLANs 14-4 Config urin g a VLAN 14 -5 Assigni ng Names to VLANs 14-7 Guidel ines f or Using VLAN [...]

Cont ents 12 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Config urin g Filter s Using the CLI 16-2 Config urin g Filt ers Using t he Web -Browser Inter face 16-3 Config urin g and E nabli ng MAC Address Filt ers 16-3 Creat ing a M AC Ad dres s Filt er 16-4 Using MA C Addres s ACLs to Bloc k or Allow Cli ent As[...]

Content s 13 Cisco IOS Software Configuration Guide for Cisco Air onet Access Points OL-21881-03 SNM P Exa mples 18-10 Displa ying SNMP Stat us 18 -12 CHAPTER 19 Configur ing R epeater a nd Sta ndby Access Points and Wor kgroup Br idge Mod e 19-1 Underst andi ng Repeater Access Points 19-2 Config urin g a Repeater Access Po int 19-3 Defau lt C onfi[...]

Cont ents 14 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Dele ting F iles 20-5 Creati ng, Di splayi ng, and Ext racting tar Fi les 20-5 Creati ng a tar F ile 20-5 Displa ying t he Content s of a tar Fi le 20 -6 Extra ctin g a tar Fil e 20 -7 Displa ying t he Content s of a File 20-7 Working with Confi guratio [...]

Content s 15 Cisco IOS Software Configuration Guide for Cisco Air onet Access Points OL-21881-03 Browser HTTP I nterfac e 20-32 Brow ser TFT P Inte rfac e 20-33 CHAPTER 21 Configur ing Syst em Message Logg ing 21-1 Underst andi ng System Messa ge Loggi ng 21-2 Config urin g System Mes sage Loggi ng 21 -2 System Log Message Forma t 21-2 Defaul t Sys[...]

Cont ents 16 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Using th e CLI 22-25 Reloadi ng the Access Po int Im age 22-2 6 Using th e MODE but ton 22-27 Using th e Web Browse r Inte rface 22-27 Browser HTTP I nterfac e 22-28 Brow ser TFT P Inte rfac e 22-28 Using th e CLI 22-29 Obta ining the Acce ss P oint Imag[...]

xix Cisco IO S Softw are Conf iguratio n Guid e for C isco Aironet Acces s Poin ts OL-21881-03 Preface Revised: August 30, 2012 OL-2188 1-03 Audience This gu ide i s for the net working pr ofessiona l wh o instal ls and manage s Cisco Aironet Access Points. T o use this guid e, you shou ld have e xp erien ce working with th e Cisco IOS soft ware an[...]

xx Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Pref ace Purpose Purpose This guid e provides the informa tion you need to insta ll and configur e your acce ss point. This guide pro vides p roced ures f or usi ng the Cis co IOS so ftwa re com mands tha t ha ve been cr eated or change d fo r use with the a ccess[...]

xxi Cisco IOS Software Configuration Guide for Cisco Air onet Access Points OL-21881-03 Pre face Convent ions Chapter 12, “Con figuring W DS, Fast Secu re Ro aming, Radio Manag ement, and Wireless Int rusion Detectio n Services, ” describes how to conf igure the access point to participate in WDS, to allo w fast reassoc iation of roami ng clien[...]

xxii Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Pref ace Conv ent ions Inter acti ve exam ples use th ese con ven tions: • T erminal sessions and system displays are in scree n font. • Informa tion y ou e nter is in boldface sc reen font. • Nonpri nting ch aract ers, such a s passwords or tab s, are in [...]

xxiii Cisco IOS Software Configuration Guide for Cisco Air onet Access Points OL-21881-03 Pre face Convent ions Warnung Dieses Warnsymbol b edeutet Gefahr . Sie befi nden sich in einer S ituation, die zu einer Körperverletzung führen könnte. Bevor Sie mit der Arbeit an i rgendeinem Gerät beginnen, seien Sie sich der mit elektrischen Stromkreise[...]

xxiv Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Pref ace Related Publi cations Related Publications These do cuments p rovide complete informati on about the access p oint: • Getting St arted Gui de: C isco Aironet 1040 Series Acces s P oi nts • Getting St arted Gui de: Cisco Aironet 1260 Series Access P [...]

C HAPTER 1-1 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 1 Overview Cisco Air onet Acces s Points (h ereaft er called access p oints ) pro v ide a secure, af ford able, a nd easy-to-use wireless LAN solution t hat combines mobility an d fle xibility wi th the enterprise -class feature s required by net working[...]

1-2 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Ch apter 1 Over vi ew Feature s • The 13 00 series outdoor ac cess poi nt/bridg e uses an integrat ed ante nna and c an be configur ed to us e extern al, du al- diversity ante nnas . • The 260 0 series ac cess poin t contains du al-band ra dios (2 .4 GHz an d[...]

1-3 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 Ov erview Features Note Cisc o IOS Release 12.4(25d) J A suppo rts the Cisc o 3201 W ireless Mo bile Interfa ce Card (WM IC) in th e 3200 Series Mobil e Access Router (MAR). It do es not support t he 3202 and 3205 MAR WMIC module s. Use t he c320 1-k9w7[...]

1-4 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Ch apter 1 Over vi ew Managem ent Opt ions Manage ment Options Y ou can use the wirel ess device management system throu gh the following interfa ces: • The Ci sco IO S comm and-lin e int erface (CL I), which you u se thro ugh a con sole po rt o r T elne t sess[...]

1-5 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 Ov erview Network Configuration Examples Figur e 1 -1 A ccess P oints as Root Units on a Wir ed LAN Repeater Access Point An acce ss point ca n be configure d as a sta nd-alone repea ter to extend the ra nge of you r infra structure or to o verc ome an [...]

1-6 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Ch apter 1 Over vi ew Netwo rk Configura tion Examp les Bridges The 1140 , 1200 , 1240 , and 1250 series a ccess p oints a nd the 1300 a ccess p oint/bri dge ca n be configured as ro ot or n on-roo t bri dges. In this r ole, an a ccess po int es tablish es a wire[...]

1-7 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 Ov erview Network Configuration Examples you can conn ect the printers to a hub or to a switch, co nnect the hub or switc h to the access point Eth ernet port, and configure t he acce ss point as a workg roup bri dge. The workgrou p bridge associat es t[...]

1-8 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Ch apter 1 Over vi ew Netwo rk Configura tion Examp les[...]

CH A P T E R 2-1 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 2 Using the Web-Browser Interface This ch apter descr ibes th e web- browser int erface that you c an use to c onfigure t he wir eless device. T his chapte r contains these secti o ns: • Using the W eb-Bro wser Int erf ace f or t he Fi rst T ime, p[...]

2-2 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapte r 2 Using t he Web- Browser Int erface Using the Web-Br owser In terfac e for th e First Time Using the Web-Browser In terface for the First T ime Use the wire less device IP address to browse to the mana gement system. See the “Logging into the Access P[...]

2-3 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 2 Using the Web -Brow ser Inter face Using th e Manage ment Page s in the We b-Browser Interfa ce Using Action Buttons Ta b l e 2 - 1 lists the p age l inks an d buttons tha t app ear on most ma nagem ent pa ges. T able 2-1 Common But ton s on Ma nagem en[...]

2-4 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapte r 2 Using t he Web- Browser Int erface Enabling H TTPS for Secure B rowsing Characte r Restriction s in Entry Fields Becau se the 1200 se ries acce ss point uses Cisco I OS softw are, ther e are certai n charact ers that you cannot use in th e ent ry field[...]

2-5 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 2 Using the Web -Brow ser Inter face Enab li ng HT TPS f or S ecu re Br ow sing Figur e 2-2 Expr ess Setup P age Step 3 Enter a name for the a ccess p oint in the System Name f ield an d click A pply . Step 4 Bro wse to the Servic es – DNS page. Figure [...]

2-6 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapte r 2 Using t he Web- Browser Int erface Enabling H TTPS for Secure B rowsing Figur e 2-3 Services – DNS P age Step 5 Select Enable for Dom ain Name System. Step 6 In the Domai n Na me field, e nter your compa ny domain nam e. At C isco Systems, for exam p[...]

2-7 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 2 Using the Web -Brow ser Inter face Enab li ng HT TPS f or S ecu re Br ow sing Step 10 Browse t o the Se rvices: HTT P W eb Server page. Figure 2-4 shows the HTTP W eb Ser ver page: Figur e 2-4 Services: HTT P W eb Serv er P age Step 11 Select the Enable[...]

2-8 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapte r 2 Using t he Web- Browser Int erface Enabling H TTPS for Secure B rowsing Step 14 Another warning win dow a ppears stating that the access point sec urity certif icate is vali d but is not fro m a kno wn source. Ho wev er , you can ac cept the cer tifi c[...]

2-9 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 2 Using the Web -Brow ser Inter face Enab li ng HT TPS f or S ecu re Br ow sing Figur e 2-7 Cer tificate Windo w Step 16 On the Certif icate window , click Install Cert if icate . Th e Mic rosoft W indow s Cer tifi cate I mpor t W izard appe ars. Figure 2[...]

2-10 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapte r 2 Using t he Web- Browser Int erface Enabling H TTPS for Secure B rowsing Figur e 2-8 Cer tificate Impor t Wizar d Window Step 17 Click Next . The ne xt windo w asks wher e you w ant to stor e the c ertif icate. W e reco mmend th at you us e the def aul[...]

2-11 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 2 Using the Web -Brow ser Inter face Enab li ng HT TPS f or S ecu re Br ow sing Figu re 2-1 0 Certif ica te Compl et ion W ind ow Step 19 Click Finis h . W indows displays a f inal security warning. Figure 2-11 sh o ws the security wa rning. Figu re 2-1 [...]

2-12 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapte r 2 Using t he Web- Browser Int erface Enabling H TTPS for Secure B rowsing Figur e 2-12 Impor t Successfu l Window Step 21 Click OK . Step 22 On the Certifica te windo w sho wn in Figure 2- 7 , which is still disp layed, c lick OK . Step 23 On the Securi[...]

2-13 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 2 Using the Web -Brow ser Inter face Using Online Help Using Online Help Click the help icon at the top of any page in the web-bro wser interface to di splay online help. Figure 2-13 sho ws the help and print i cons. Figur e 2-13 Hel p and Pr int Icons W[...]

2-14 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapte r 2 Using t he Web- Browser Int erface Disabli ng the Web-B rowser Inte rface Ta b l e 2 - 2 sh ows an ex ampl e help locat ion and Hel p Root UR L for an 110 0 series access po int. Step 5 Click A pply . Disabling the W eb-Br owser Inter face T o prev en[...]

CH A P T E R 3-1 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 3 Using the Command-Line Interface This chap ter de scribe s the Cisco IOS co mmand -line inte rface (CLI) th at you can us e to conf igure th e wirele ss device. It cont ains the se se ction s: • Cisc o IOS C omman d Mode s, pa ge 3- 2 • Getting[...]

3-2 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapt er 3 Usi ng th e Com man d-L ine I nter face Cisco IOS Comm and Mode s Cisco IOS Command Modes The Cisco IOS user interfa ce is di vided into m any d if ferent mod es. The co mmands a v ailable to yo u depend on wh ich m ode you are curre ntly in. En ter a [...]

3-3 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 3 Using the Comma nd-Line In terface Getting Help Getting Help Y ou can enter a ques tion mark (? ) at the sy stem prom pt to di splay a lis t of comm ands a v ailable for eac h comma nd mode . Y ou ca n also obt ain a list of associa ted ke ywords and ar[...]

3-4 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapt er 3 Usi ng th e Com man d-L ine I nter face Using no and default Forms of Comman ds Using no and defa ult Forms of Commands Most co nf igurati o n comm ands also hav e a no fo rm. In ge neral, use the no form to disabl e a featu re or func tion or re ver s[...]

3-5 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 3 Using the Comma nd-Line In terface Using Com mand History Changing the Command History B uffer Size By default , the wire less device record s ten comm and l ines in its history buffer . Beginn ing in privileged EXEC mod e, ente r this comm and to cha n[...]

3-6 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapt er 3 Usi ng th e Com man d-L ine I nter face Using E diting Feature s Using Editing Fea tures This secti on descri bes the ed itin g features t hat can hel p you manip ulate the command line. It con tains these sectio ns: • Ena bling and Dis abli ng Editi[...]

3-7 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 3 Using the Comma nd-Line In terface Using Edit ing Featu res Editing C ommand Lines that Wrap Y ou can use a wrapa round feature for commands t hat extend beyond a singl e line on the screen . When the cursor reaches the right mar gin, the command lin e [...]

3-8 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapt er 3 Usi ng th e Com man d-L ine I nter face Searching and Filtering O utput of show and more Commands In this exam ple, the acce ss-list global configura tion com mand e ntry extend s beyond one line . When the cursor f irst reach es the end of the line , [...]

3-9 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 3 Using the Comma nd-Line In terface Acce ssi ng th e C LI Accessing the CLI Y ou can open the w ireless device CLI us ing T elnet or Secu re Shell (SSH). Opening the CLI with Telnet Foll ow these steps to open the CLI wit h T elne t. These steps are for [...]

3-10 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapt er 3 Usi ng th e Com man d-L ine I nter face Access ing the CLI[...]

CH A P T E R 4-1 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 4 Configuring the Access Point for the First Time This c hapter d escrib es how to configure basic se ttings o n the wire less device for the first tim e. The contents of this ch apter ar e similar to the in struction s in the q uick start guide that[...]

4-2 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 4 Configuring the Access Point for the First Time Before You Start • A system name for the wire less device • The case- sensiti ve wireless service set ide ntifier (SSID) f or your ra dio netwo rk • If not connec ted to a D HCP server, a unique I P [...]

4-3 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 4 Configuring th e Acce ss Point for th e First Time Loggi ng into th e Access Poi nt Step 7 Click the Rese t to Defaul ts b utton to reset all settings, including the IP addre ss, to factory defa ults. T o reset al l settings e xcept the IP a ddress to d[...]

4-4 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 4 Configuring the Access Point for the First Time Obtain ing and As signing an IP Add ress • T elnet (i f the AP is config ured with an IP address) • console port Note Not all mo dels of Cisco Airon et Acc ess Points have the cons ole po rt. If the ac[...]

4-5 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 4 Configuring th e Acce ss Point for th e First Time Connecting to the 1100 Series Access Point Locally Default IP Address Behavior When you con nect a 1040, 113 0AG, 1140 , 1200, 1240, 12 50, 1260 , 2600 access point, or 1300 seri es access point/b ridge[...]

4-6 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 4 Configuring the Access Point for the First Time Connec ting to the 11 30 Series Access Po int Local ly Note Whe n you c onnec t your PC to the access p oint o r recon nect your PC to th e wired LAN, yo u mi ght ne ed to releas e and renew the IP address[...]

4-7 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 4 Configuring th e Acce ss Point for th e First Time Connecting to the 1300 Serie s Access Point/Bridg e Locally Step 3 When conn ected, pr ess enter or type en to access the comm and promp t. Pressing en ter takes you t o the user ex ec mode. Enter ing e[...]

4-8 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 4 Configuring the Access Point for the First Time Def ault R adio Se ttin gs Default Radio Settings Beginning wi th Cisco IOS Releas e 12.3( 8)J A, access p oint r adios ar e di sabled and no default SSID is assigne d. T his was d one in orde r to p reven[...]

4-9 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 4 Configuring th e Acce ss Point for th e First Time Assigning Ba sic Setti ngs Figur e 4-1 Summary Stat us P age Step 5 Click Express Se tup . The Expr ess Setup scre en appears. Figure 4-2 and Figure 4-3 shows the Express Setup pag e for the 110 0 serie[...]

4-10 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 4 Configuring the Access Point for the First Time Assigning B asic Settings Figur e 4-2 Expr ess Setup P age for 1 1 00 Seri es A ccess P oints Figur e 4-3 Expres s Setup Pag e f or 1 130, 1200, and 1240 Se r ies Access P oints Note Figur e 4-3 shows the[...]

4-11 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 4 Configuring th e Acce ss Point for th e First Time Assigning Ba sic Setti ngs Figur e 4-4 Expres s Setup P age f or 1 040, 1 140, 1260 and 12 60 Ser ies A ccess P oints[...]

4-12 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 4 Configuring the Access Point for the First Time Assigning B asic Settings Figur e 4-5 Expr ess Setup P age for the 13 00 Ser ies Access P oint/Br idge Step 6 Enter the co nfiguration se ttings you obtained from you r system ad ministra tor . The config[...]

4-13 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 4 Configuring th e Acce ss Point for th e First Time Assigning Ba sic Setti ngs • IP Addr ess —Use this setting to assign or change the wirele ss device IP address. If DHCP is enabled for y our net work, l eav e th is field bl ank. Note I f the wirel[...]

4-14 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 4 Configuring the Access Point for the First Time Assigning B asic Settings • Optimi ze Radio Netw ork f o r —Use th is setting to select either p reconf igured se ttings for t he wireless device rad io or custo mized settin gs for the wi reless devi[...]

4-15 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 4 Configuring th e Acce ss Point for th e First Time Assigning Ba sic Setti ngs IP Subne t Mask Assigned by DHCP by d efault; i f DHCP i s disable d, the d efault setting is 255.255.25 5.2 24 Default Gatew ay Assigned by DH CP by default; if DHCP is disa[...]

4-16 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 4 Configuring the Access Point for the First Time Configur ing Basi c Security Settings Configuring Basic Security Settings After you assi gn basic settings to the wire less de vice, you must conf igure security settings to pre vent unaut horize d acce s[...]

4-17 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 4 Configuring th e Acce ss Point for th e First Time Config uring Basi c Security Set tings Understanding Expr ess Security Settings The SSID s that y ou cr eate u sing th e Expr ess sec urity page appe ar in t he SSID ta ble at the bo ttom o f the page.[...]

4-18 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 4 Configuring the Access Point for the First Time Configur ing Basi c Security Settings Express Security Types Ta b l e 4 - 2 describe s the four sec urity types that you can assign to an SSID. T able 4-2 Secur ity T ypes on Expr ess Secur ity Setup P ag[...]

4-19 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 4 Configuring th e Acce ss Point for th e First Time Config uring Basi c Security Set tings EAP Authentica tion This option enables 802. 1X authentica tion (such as LEAP , PEAP , EAP-TLS, EAP-F AST , EAP-TTLS, EAP-GTC, EAP-SIM, a nd othe r 802.1X /EAP ba[...]

4-20 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 4 Configuring the Access Point for the First Time Configur ing Basi c Security Settings Express Security Limitations Because t he Express Security page i s de signed for sim ple configurat ion of basic se curity , the o ptions av ailable are a subset of [...]

4-21 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 4 Configuring th e Acce ss Point for th e First Time Config uring Basi c Security Set tings CLI Configuration Examples The e xample s in this sect ion show th e CLI comm ands that are equi val ent to crea ting SSIDs using eac h security type on the Expre[...]

4-22 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 4 Configuring the Access Point for the First Time Configur ing Basi c Security Settings ! interface Dot11Radio0 no ip address no ip route-cache ! encryption vlan 20 key 3 size 128bit 7 FFD518A21653687A4251AEE1230C transmit-key encryption vlan 20 mode wep[...]

4-23 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 4 Configuring th e Acce ss Point for th e First Time Config uring Basi c Security Set tings Exam ple: EA P Auth enti cation This examp le shows part of the c onfiguration that resu lts from using t he Expr ess Securi ty pag e to crea te an SSID called ea[...]

4-24 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 4 Configuring the Access Point for the First Time Configur ing Basi c Security Settings ! interface Dot11Radio0/1.30 encapsulation dot1Q 30 no ip route-cache bridge-group 30 bridge-group 30 subscriber-loop-control bridge-group 30 block-unknown-source no [...]

4-25 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 4 Configuring th e Acce ss Point for th e First Time Config uring Basi c Security Set tings aaa new-model ! ! aaa group server radius rad_eap server 10.91.104.92 auth-port 1645 acct-port 1646 ! aaa group server radius rad_mac ! aaa group server radius ra[...]

4-26 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 4 Configuring the Access Point for the First Time Confi guring Syste m Pow er Set tings fo r 104 0, 1130 , 1140 , 1240 , 1250 , and 126 0 Se ries Acce ss P oints bridge-group 1 no bridge-group 1 source-learning bridge-group 1 spanning-disabled ! interfac[...]

4-27 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 4 Configuring th e Acce ss Point for th e First Time Configuri ng System Power Sett ings for 1040 , 1130, 1140, 1240, 1250, and 1260 Serie s Access Points Using a Switch That Does Not Support IEEE 802.3af Power Negotiation If you use a sw itch t o provid[...]

4-28 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 4 Configuring the Access Point for the First Time Assigni ng an IP A ddress Us ing the CLI T able 4-3 Inline P ow er Options based on Ac cess P oint Radio Con figur ation 1. Maximum transmit power will vary by chann el and according to indiv idual cou nt[...]

4-29 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 4 Configuring th e Acce ss Point for th e First Time Using a Te lnet Sessi on to Access t he CLI Using a Telnet Se ssion to Access th e CLI Foll ow these step s to access the CLI b y using a T elnet session . These steps are for a PC running Micros oft W[...]

4-30 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 4 Configuring the Access Point for the First Time Configur ing the 802.1X Supplicant Use the no form of the dot1x cr edentials com mand to negate a pa ramet er . The fo llowing example cre ates a cred enti als profile name d test with th e usern ame Cisc[...]

4-31 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 4 Configuring th e Acce ss Point for th e First Time Configuring the 802.1X Supplicant The following exam ple a pplie s the cr eden tia ls p rofile test to the access point Fast Ethern et port: ap1240AG> enable Password: xxxxxxx ap1240AG# config termi[...]

4-32 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 4 Configuring the Access Point for the First Time Configur ing the 802.1X Supplicant repeater-ap# config terminal Enter configuration commands, one per line. End with CTRL-Z. repeater-ap(config-if)# dot11 ssid testap1 repeater-ap(config-ssid)# dot1x cred[...]

CH A P T E R 5-1 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 5 Administering the Access Point This chap ter de scribe s ho w to admi nister the wireless de vice. This ch apter cont ains th ese sect ions: • Disabling the Mo de Button, page 5-2 • Pre ve nting Unauthorized Access to Y our Access Point, p age [...]

5-2 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 5 Admin istering the Access Poin t Disabli ng the Mode B utton Disabling the Mode Button Y ou can disab le the mode button on access p oints having a c onsole port by using t he [no] bo ot mode-b utton comm and. T his com mand p revents password re covery[...]

5-3 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 5 Adm inistering the Access Point Preventi ng Unautho rized Access to Your Access Poi nt Preventing Unauthorized Access to Your Acce ss Point Y ou can prevent unauthor ized users fro m reco nfiguring the w ireless device and viewing configurati on inform [...]

5-4 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 5 Admin istering the Access Poin t Protecting A ccess to Privileged EXE C Comman ds Default Password and Priv ilege Level Configuration Ta b l e 5 - 1 sho ws the d efault pa ssword and privilege level configuration. Setting o r Changin g a Static En able [...]

5-5 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 5 Adm inistering the Access Point Prote cti ng Ac cess to Pri vile ged EXEC Comm and s This exam ple s ho ws ho w to chan ge th e enable passw ord to l1u2c3k4 y5 . The password is not en crypt ed and pr ovi des ac cess to le vel 15 (traditi onal pri vileg[...]

5-6 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 5 Admin istering the Access Poin t Protecting A ccess to Privileged EXE C Comman ds Protecting En able and E nable S ecret Pas sword s with E ncryptio n T o provide an additiona l layer of security , partic ularly for passwo rds that cross the networ k or[...]

5-7 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 5 Adm inistering the Access Point Prote cti ng Ac cess to Pri vile ged EXEC Comm and s If bo th the en able and enable secret passw ords ar e def ined, users must en ter the enable se cret pas swor d. Use th e level keyword to define a password fo r a spe[...]

5-8 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 5 Admin istering the Access Poin t Protecting A ccess to Privileged EXE C Comman ds T o disable usernam e aut henticat ion fo r a sp ecif ic user , u se the no username name glob al co nf igur ati on comm and. T o disab le password che cking an d allow co[...]

5-9 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 5 Adm inistering the Access Point Controlling Access Point Access with RADIUS When y ou set a comman d to a p ri vile ge le vel, all comm ands wh ose sy ntax is a subset of tha t comman d are al so set to that le vel. F or e xample, if you set t he show i[...]

5-10 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 5 Admin istering the Access Poin t Con troll ing Acce ss Po in t Acce ss wi th R ADI US RADIUS provides detai led accou nting i nform ation and fl exible admi nistrat ive contro l over authenti cation and au thorizatio n processes. RADI US is fac ilitate[...]

5-11 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 5 Adm inistering the Access Point Controlling Access Point Access with RADIUS T o disa ble A AA, u se t he no aaa new-model global co nfiguration comm and. T o di sable AAA authenti cation, use th e no aaa aut hentica tion log in { def ault | list-name }[...]

5-12 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 5 Admin istering the Access Poin t Con troll ing Acce ss Po in t Acce ss wi th R ADI US Defining AAA Se rver Grou ps Y ou can configure the wire less device to use AAA s erver grou ps to group existing server h osts f or authenti cation. Y ou sele ct a s[...]

5-13 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 5 Adm inistering the Access Point Controlling Access Point Access with RADIUS Step 3 radius-server host { hostname | ip-addr ess } [ auth-po rt port- num ber ] [ acct-po rt port- num ber ] [ timeout second s ] [ retr ansmit r etries ] [ key str ing ] Spe[...]

5-14 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 5 Admin istering the Access Poin t Con troll ing Acce ss Po in t Acce ss wi th R ADI US T o remove th e specifie d RADIUS serve r , u se the no radius-ser ver host hostname | ip-add r ess global configurati on comm and. T o remove a server group fro m th[...]

5-15 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 5 Adm inistering the Access Point Controlling Access Point Access with TACACS+ T o disable au thoriz ation , use the no aaa aut horizati on { network | exec } method1 gl obal c onfigurat ion comm and. Displaying th e RADIUS C onfiguratio n T o display th[...]

5-16 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 5 Admin istering the Access Poin t Con troll ing Acce ss Po in t Acce ss wi th T ACAC S+ authe nticat ion methods a re perfor med. The only exceptio n is the defaul t method l ist (whic h, by coin cide nce, is n amed defaul t ). The defau lt method list [...]

5-17 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 5 Adm inistering the Access Point Controlling Access Point Access with TACACS+ T o disa ble A AA, u se t he no aaa new-model global co nfiguration comm and. T o di sable AAA authenti cation, use th e no aaa aut hentica tion log in { def ault | list-name [...]

5-18 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 5 Admin istering the Access Poin t Configur ing Ethernet Sp eed and Dupl ex Settings Configuri ng Ethernet Sp eed and Duple x Settings Y ou can assign the wire less device Etherne t port spee d and dupl ex settings. W e rec ommend t hat you use auto , th[...]

5-19 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 5 Adm inistering the Access Point Configuring the Access Point for Local Authentica tion and Authorization Configuring the Access Point for Local Authentication and Authorizat ion Y ou can configure AAA to oper ate wit hout a server by configurin g the w[...]

5-20 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 5 Admin istering the Access Poin t Configur ing the Au thentication Ca che and Pro file T o disa ble A AA, u se t he no aaa new-model global co nfiguration comm and. T o di sable author izati on, use the no aaa autho rization { network | exec } method1 g[...]

5-21 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 5 Adm inistering the Access Point Configuring the Authentication Cache and Profile ! aaa group server tacacs+ tac_admin server 192.168.133.231 cache expiry 1 cache authorization profile admin_cache cache authentication profile admin_cache ! aaa group ser[...]

5-22 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 5 Admin istering the Access Poin t Configuring the Access Point to Provide DHCP Service ! ip http server ip http authentication aaa no ip http secure-server ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag ip radius source[...]

5-23 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 5 Adm inistering the Access Point Configuring the Access Point to Provide DHCP Service Note When yo u configure the ac cess point as a DHCP server , it assi gns IP addresse s to devices on its subnet. The devices commun icate w ith other de vices on t he[...]

5-24 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 5 Admin istering the Access Poin t Configuring the Access Point to Provide DHCP Service Use the no form of these command s to return to default sett ings. This example shows how to configure the w irele ss device as a DHC P server, e xclud e a rang e of [...]

5-25 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 5 Adm inistering the Access Point Configuring the Access Point for Secure Shell Clear Commands In pri vileged Exec mode, use the co mmands in Ta b l e 5 - 3 to clea r DHCP serv er va riab les. Debug Command T o enable DHCP server deb ugging, use this com[...]

5-26 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 5 Admin istering the Access Poin t Configuring Client ARP Cachi ng Note The SSH feature in this software relea se does not support IP Security (IPsec). Configuring SSH Before configuring SSH, download th e cryp to soft ware image from C isco. com. For m [...]

5-27 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 5 Adm inistering the Access Point Mana gi ng th e S ystem Tim e an d Da te Configuring ARP Caching Beginning in privileged EX EC mode, fol low these steps to co nfigure the wire less device to mainta in an ARP cache for associa ted clien ts: This e x amp[...]

5-28 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 5 Admin istering the Access Poin t Managin g the Syste m Time and Date http://www .cisco.com/en/US/produc ts/sw/iosswrel/ps1831/pro ducts_configuration_gu ide_chapter0918 6a00800c a66f.htm l#100 1131 If mu ltipl e serv ers are a t the same stratu m, a c [...]

5-29 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 5 Adm inistering the Access Point Mana gi ng th e S ystem Tim e an d Da te Begi nning in pri vile ged EXEC m ode, follo w these steps t o set the s ystem cloc k: This example shows ho w to manually set th e system cloc k to 1:32 p.m . on July 23, 200 1: [...]

5-30 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 5 Admin istering the Access Poin t Managin g the Syste m Time and Date The minutes-of fset variable in the clock timezone global c onfiguratio n com mand i s av ailable for th ose cases wh ere a local time zon e is a percen tage of an hour dif ferent fr [...]

5-31 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 5 Adm inistering the Access Point Mana gi ng th e S ystem Tim e an d Da te The first part of the clock summer -time glob al conf iguration co mmand specif ies when summer time beg ins, and the second par t speci fi es when i t end s. All time s are rela [...]

5-32 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 5 Admin istering the Access Poin t Defining HTT P Ac cess Defining HTTP Acce ss By def ault, 80 is use d for HTTP acc ess, and port 443 is used for HTTPS acces s. These v alues can be custom ized b y the user . Follo w these steps to def ine the HTTP acc[...]

5-33 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 5 Adm inistering the Access Point Confi guring a S ystem Name an d Prompt When yo u set the syste m name, it i s also use d as the system prompt . T o return to the default host name, use the no hostname glob al configur ation comma nd. Understand ing DN[...]

5-34 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 5 Admin istering the Access Poin t Configur ing a System Nam e and Prom pt Setting Up DNS Beginning in privileged EX EC mode, fol low these steps to set up th e wirele ss device to use the DNS: If you use the wirel ess device IP address as i ts host name[...]

5-35 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 5 Adm inistering the Access Point Creat ing a Bann er T o remove a domain n ame, use the no ip domain-name name globa l configurat ion comm and. T o rem ove a name ser ver addre ss, use the no ip name-server server-addr ess globa l configurat ion comm an[...]

5-36 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 5 Admin istering the Access Poin t Creating a Banner Beginning in privileged EX EC mode, fol low these steps to con figure a MOTD login banner: T o delete the MO TD banner , use the no banner motd g lobal c onfiguration com mand. This exampl e shows ho w[...]

5-37 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 5 Adm inistering the Access Point Upgrading Autonomous Cisco Aironet Access Points to Lightweight Mode Configurin g a Lo gin Bann er Y ou can configure a login banne r to ap pear on all c onnect ed termin als. Thi s banne r appears a fter the MO TD banne[...]

5-38 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 5 Admin istering the Access Poin t Migrati ng to Japan W 52 Do main The fo llowing int erface globa l co nfiguration mode CLI c omma nd is used t o migra te a n acce ss point 802.1 1a radio to th e W52 doma in: dot11 migrate j52 w 52 Afte r displa ying a[...]

5-39 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 5 Adm inistering the Access Point Configuring Multiple VLAN and Rate Limiting for Point-to -Multipoint Bridging Verifying th e Migration Use the show contr o llers command to conf irm the migratio n as sho wn in this typ ical e xample: ap# show controlle[...]

5-40 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 5 Admin istering the Access Poin t Configur ing Multiple VL AN and Rate L imiting for Po int-to-Mul tipoint Bridgi ng In a typical scena rio, multiple VLAN suppor t permits users to set up point-to-mult ipoint bridge links with r emote sites, with eac h [...]

CH A P T E R 6-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Access Points OL-21881-03 6 Configuring Radio Settings This chapter describe s how to configure radio settin gs for the wireless de vice. This chapter includes these sections: • Enabling the Radio Interf ace, page 6-2 • Config uring the Role in Radi o Network, page 6-2 ?[...]

6-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 6 Configuring Radio Settings Enabling the Radio Interface Enabling the Radio Interface The wireless de vice radios are disabled b y default. Note Beginning wit h Cisco IOS Release 12.3(8)J A there is no SSID. Y ou must create an SSID before you can enab[...]

6-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Access Points OL-21881-03 Chapter 6 Configuring Radio Settings Configuring the Ro le in Radio Netw ork Y ou can also configure a fallback role for root access points. The wi reless de vice automatically assumes the fallback role when it s Ethernet port is disabled or disconnected from th[...]

6-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 6 Configuring Radio Settings Configuring the Role in Radio Network Step 3 station-role non-root {bridge | wire less-clients} rep e a te r root {access-point | ap-only | [bridge | wireless- clients] | [fallback | repeater | shutdo wn]} scanner workgr oup[...]

6-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Access Points OL-21881-03 Chapter 6 Configuring Radio Settings Configuring the Ro le in Radio Netw ork Note When you enable the role in the radio network as a Bridge/w orkg roup bridge and enable the interface using the no shut command, the physical status an d the software statu s of th[...]

6-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 6 Configuring Radio Settings Configuring the Role in Radio Network • Outdoor MIMO bridging usi ng external antennas has not been ful ly tested and is not fully supported with this release. Note In point-to-multip oint bridging, WGB i s not recommended[...]

6-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Access Points OL-21881-03 Chapter 6 Configuring Radio Settings Configuring the Ro le in Radio Netw ork Radio Tracking Y ou can conf igure the access point to track or monitor the status of one of it s radios. It the tracked radio goes down or is disabl ed , the access point shuts do wn t[...]

6-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 6 Configuring Radio Settings Configuring Radio Data Rates Bridge Features Not Supported The follo wing features are not supported when a 1200 or 1240 series access point is configured as a bridge: • Clear Channel Assessment (CCA) • Interoperability [...]

6-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Access Points OL-21881-03 Chapter 6 Configuring Radio Settings Configuri ng Radio Data Rates to be made based on reso urces av ailable to the wireless project, type of traf fic the users will be passing, service lev el desired, and as always, the qu ality of the RF en vironment.When you [...]

6-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 6 Configuring Radio Settings Configuring Radio Data Rates Step 3 speed 802.11b, 2.4-GHz radio: {[ 1.0 ] [ 11.0 ] [ 2.0 ] [ 5.5 ] [ basic-1.0 ] [ basic-11.0 ] [ basic- 2.0 ] [ basic-5.5 ] | range | thro ughput } 802.11g, 2.4-GHz radio: {[ 1.0 ] [ 2.0 ] [...]

6-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Access Points OL-21881-03 Chapter 6 Configuring Radio Settings Configuring MCS Rates Use the no form of the speed command to remov e one or more data rates from the conf iguration. This exam ple sho ws how t o remov e data rates basic-2.0 and basic-5. 5 from the conf iguration: ap1200# [...]

6-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 6 Configuring Radio Settings Configuring Radio Transmit Powe r MCS rates are confi gured using the speed command. The follo wing example sho ws a speed setting for an 802.11n 5-GHz radio: interface Dot11Radio0 no ip address no ip route-cache ! ssid 125[...]

6-13 Cisco IOS Software Configuratio n Guide for Cisco Aironet Access Points OL-21881-03 Chapter 6 Configuring Radio Settings Configuring Radi o Transmit Power Step 2 Click T echnical Support & Documentation . A small windo w appears contai ning a list of technical support links. Step 3 Click T echnical Support & Documentati on . The T echn[...]

6-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 6 Configuring Radio Settings Configuring Radio Transmit Powe r Use the no form of the po wer command to return the p ower setting to maximum , the def ault setting. Step 3 power local These option s are a v ailable f or the 802.11b, 2.4-GHz radio (in m[...]

6-15 Cisco IOS Software Configuratio n Guide for Cisco Aironet Access Points OL-21881-03 Chapter 6 Configuring Radio Settings Configuring Radi o Transmit Power Limiting the Power Level for Associated Client Devices Y ou can also limi t the po wer le vel on cli ent de vices that associate to the wireless d evice. When a clien t dev ice associates to[...]

6-16 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 6 Configuring Radio Settings Configuring Radi o Channel Settings Use the no form of the client power comman d to disable the maximum po wer level for associat ed clients. Note Aironet extensions must be enabled to limit the po wer lev el on associated [...]

6-17 Cisco IOS Software Configuratio n Guide for Cisco Aironet Access Points OL-21881-03 Chapter 6 Configuring Radio Settings Configuring Radio Channel Settings Because they change frequent ly , channel settings are not incl uded in this document. F or up-to-date information on channel settings for your access point or bridge, see the Channels and [...]

6-18 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 6 Configuring Radio Settings Configuring Radi o Channel Settings Dynamic Frequency Selection Access points with 5-GHz radios configured at th e factory for use in the United States, Europe, Singapore, K orea, Japan, Israel, and T aiwan no w comp ly w i[...]

6-19 Cisco IOS Software Configuratio n Guide for Cisco Aironet Access Points OL-21881-03 Chapter 6 Configuring Radio Settings Configuring Radio Channel Settings If radar is detected on a manually conf igured DFS channel, the channel will be changed automatically and will not return to the configured channel. Prior to transmitt ing on an y channels [...]

6-20 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 6 Configuring Radio Settings Configuring Radi o Channel Settings Confirming that DFS is Enabled Use the show controllers dot11radio1 command to conf irm that DFS is enabled. The command also includes indicat ions that uniform spreading is requ ired and[...]

6-21 Cisco IOS Software Configuratio n Guide for Cisco Aironet Access Points OL-21881-03 Chapter 6 Configuring Radio Settings Configuring Radio Channel Settings The follo wing e xample conf igures the 5 GHz radio to use DFS: ap#configure terminal ap(config)#interface dot11radio1 ap(config-if)#channel dfs ap(config-if)# Blocking Channels from DFS Se[...]

6-22 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 6 Configuring Radio Settings Configuring Loca tion-Based Services This exampl e sho ws how to unb lock all frequencies for DFS: ap(config-if)# no dfs band block Setting the 802.11n Guard Interval The 802.11n guard inter val i s the period in nanosecond[...]

6-23 Cisco IOS Software Configuratio n Guide for Cisco Aironet Access Points OL-21881-03 Chapter 6 Configuring Radio Settings Configuring Location-Based Service s Figur e 6-2 Basic LBS Networ k Configuration The access points that you conf igure for LBS should be in the same vicinity . If only o ne or two access points report messages from a tag, t[...]

6-24 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 6 Configuring Radio Settings Enabling and Disabling World Mode In this e xample, the prof ile southside is enabled on the access po int 802.11g ra dio: ap# configure terminal ap(config)# dot11 lbs southside ap(dot11-lbs)# server-address 10.91.105.90 po[...]

6-25 Cisco IOS Software Configuratio n Guide for Cisco Aironet Access Points OL-21881-03 Chapter 6 Configuring Radio Settings Disabling and Enabling Short Radio Preambles Use the no form of the command to disable world mode. Disabling and Enabling Short Radio Preambles The radio pream ble (s ometimes ca lled a header ) is a section of data at the h[...]

6-26 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 6 Configuring Radio Settings Configuring Transmit and Receive Antenna s Short preambles are enabled by default. Use the preamble-short command to enab le short preambles if they are disa bled. Configuring Transmit and Receive Antennas Y ou can select t[...]

6-27 Cisco IOS Software Configuratio n Guide for Cisco Aironet Access Points OL-21881-03 Chapter 6 Configuring Radio Settings Enabling and Disab ling Gratuitous Probe Resp onse Enabling and Disabling Gratuitous Probe Response Gratuitous Probe Response (GPR) ai ds in conservi ng b attery po wer in dual mode ph ones that support cellular and WLAN mod[...]

6-28 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 6 Configuring Radio Settings Disabling and Enabling Aironet Extensions (config-if)# probe-response gratuitous speed 12.0 (config-if)# probe-response gratuitous period 30 speed 12.0 Use the no form of the command to disable the GPR feature. Disabling an[...]

6-29 Cisco IOS Software Configuratio n Guide for Cisco Aironet Access Points OL-21881-03 Chapter 6 Configuring Radio Settings Configuring the Ethernet Encaps ulation Transformation Method Configuring the Ethernet Encapsulation Transformation Method When the wireless device recei ves data packets that are not 802.3 packets, the wireless de vice must[...]

6-30 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 6 Configuring Radio Settings Enabling and Disabling Public Secure Pa cket Forwarding Note This feature is best sui ted for use with stati onary workgr oup bridges. Mobile w orkgroup bridges mig ht encounter spots in the wireless device's cov erage[...]

6-31 Cisco IOS Software Configuratio n Guide for Cisco Aironet Access Points OL-21881-03 Chapter 6 Configuring Radio Settings Enabling and Disabling Publ ic Secure Packet Forwa rding PSPF is disabled b y default. Be ginning in privil e ged EXEC mode, follo w th ese steps to enable PSPF: Use the no form of the command to disable PSPF . Configuring P[...]

6-32 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 6 Configuring Radio Settings Configuring the Beaco n Period and the DTIM Configuring the Beacon Period and the DTIM The beacon period is the amount of time between acc ess po int beacons in Kilomicroseconds. One Kµsec equals 1,024 m icroseconds. The D[...]

6-33 Cisco IOS Software Configuratio n Guide for Cisco Aironet Access Points OL-21881-03 Chapter 6 Configuring Radio Settings Configuri ng the Maxi mum Data Retries Use the no form of the command to reset the R TS settings to def aults. Configuring the Maximum Data Retries The maximum data retries setting determines the nu mber of attempts the wire[...]

6-34 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 6 Configuring Radio Settings Enabling Short Slot Tim e for 802.11g Radios Use the no form of the command to reset the setting t o defaults. Enabling Short Slot Time for 802.11g Radios Y ou can increase through put on the 802.11g, 2.4-GHz radio b y enab[...]

6-35 Cisco IOS Software Configuratio n Guide for Cisco Aironet Access Points OL-21881-03 Chapter 6 Configuring Radio Settings Viewing VoWLAN Metrics The Stream page appears. Step 4 Click the tab for the radio to configu re. Step 5 For b oth CoS 5 (V ideo) and CoS 6 (V oice) user priorities, choose Lo w Latency from t he Packet Handling drop-do wn m[...]

6-36 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 6 Configuring Radio Settings Viewing VoWLAN Metrics Viewing Voice Reports Y ou can use a browser to access voice reports listing V oWLAN metrics stored on a WL SE. Y ou can view reports for access point grou ps and for indi vidual access p oints. T o v[...]

6-37 Cisco IOS Software Configuratio n Guide for Cisco Aironet Access Points OL-21881-03 Chapter 6 Configuring Radio Settings Viewing VoWLAN Metrics • T o view a graph of v oice bandwidth in use during the last hour , choose Bandwidth In Use (% Allowed) from the Report Name drop-do wn menu. • T o view graphs of v oice streams in progress, choos[...]

6-38 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 6 Configuring Radio Settings Viewing VoWLAN Metrics Figur e 6-6 V oice Str eaming Progr ess Viewing Wireless Client Reports In addition to vie wing voice reports from an access point perspective, you can vie w the m from a client perspective. F or e ve[...]

6-39 Cisco IOS Software Configuratio n Guide for Cisco Aironet Access Points OL-21881-03 Chapter 6 Configuring Radio Settings Viewing VoWLAN Metrics Figur e 6-7 Wireless Client Metr ics Viewing Voice Fault Summary The Faults > V oice Summary page in WLSE displays a summary of the fault s detected with t he follo wing voice fault types: • Exces[...]

6-40 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 6 Configuring Radio Settings Viewing VoWLAN Metrics Figur e 6-8 V oice F ault Summary Configuring Voice QoS Settings Y ou can use WLSE Faul ts > V oice QoS Settings scre en to define the voice QoS thresholds for the follo wing parameter s: • Down [...]

6-41 Cisco IOS Software Configuratio n Guide for Cisco Aironet Access Points OL-21881-03 Chapter 6 Configuring Radio Settings Viewing VoWLAN Metrics Figure 6-9 V oice Qo S Settings Configuring Voice Fault Settings Y ou can use WLSE F aults > Manage F ault Settings sc reen to enab le fault generation and specify the priority of th e faults genera[...]

6-42 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 6 Configuring Radio Settings Configuring ClientLink Configuring ClientLink Cisco ClientLink (referred to as Beam Fo rming) is an intelligent b eamforming technology th at directs the RF signal to 802.11a/g de vices to improve perfo rmance by 65%, impro[...]

6-43 Cisco IOS Software Configuratio n Guide for Cisco Aironet Access Points OL-21881-03 Chapter 6 Configuring Radio Settings Debugging Radio Func tions This exampl e sho ws how to begin d ebu gging of all radio-related e vents: AP# debug dot11 events This exampl e sho ws how to begin d ebu gging of radio packets: AP# debug dot11 packets This examp[...]

6-44 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 6 Configuring Radio Settings Debugging Radio Functions[...]

CH A P T E R 7-1 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 7 Configuring Multiple SSIDs This chapte r describes ho w to conf igure and manage multip le service set identif iers (SSIDs) on the acces s point. This c hapter contains these secti ons: • Understan ding Multiple SSI Ds, page 7-2 • Conf iguring [...]

7-2 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 7 Configuring Mu ltiple SSIDs Unde rst and ing Mu lt iple S SID s Understandin g Multiple SSIDs The SSID i s a unique identif ier th at wireless networkin g de vices use to estab lish and mainta in wireless connect ivi ty . Multiple access points on a net[...]

7-3 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 7 Conf iguring Multip le SSIDs Understanding Multiple SSIDs Cisco IOS Releas e 12.3(10b)J A supports conf iguration of SSID parameters at the interface le vel on the CLI, b ut the SSIDs ar e stored in g lobal mode . Storing all SSIDs in global mode ensure[...]

7-4 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 7 Configuring Mu ltiple SSIDs Config uring Mu ltiple S SIDs Configuring Multi ple SSIDs These secti ons co ntain configuration inf ormatio n for mul tiple SSIDs: • Default SSID Configura tion, page 7-4 • Creatin g an SSID Globally , page 7-4 • Using[...]

7-5 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 7 Conf iguring Multip le SSIDs Configuring Multiple SSIDs Step 3 authe ntic ation clie nt usern ame userna me password pass wor d (Optional) Set an authenticat ion username and passwo rd that the acc ess point us es to authe nticate to the net work wh en [...]

7-6 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 7 Configuring Mu ltiple SSIDs Config uring Mu ltiple S SIDs Note Y ou use the ssid command au thentic atio n options to co nfigure an aut hentica tion type for each SSID . See Chapter 9, “Conf iguring an Access Point as a Loc al Authentica tor , ” for[...]

7-7 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 7 Conf iguring Multip le SSIDs Configuring Multiple SSIDs ssid buffalo vlan 7 authentication open Ho we ver , this sample output fr om a sho w dot 11 a ssoc iation s pri vile ged EXEC command sho ws the spaces in the SSI Ds: SSID [buffalo] : SSID [buffalo[...]

7-8 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 7 Configuring Mu ltiple SSIDs Config uring Mu ltiple Basic SSIDs Configuri ng Multiple Basic SSI Ds Access po int 8 02.11a, 802.1 1g, and 802.1 1n radi os sup port up to 8 b asic SSID s (BSSID s), whic h ar e similar to MA C addresses. Y o u use multiple [...]

7-9 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 7 Conf iguring Multip le SSIDs Confi guring Mult iple Ba sic SSIDs Figur e 7 -1 Global SSID Manag er P age Step 2 Enter the SSID name in the SSID fie l d . Step 3 Use the VLAN drop-down menu to se lect the VLAN to whi ch the SSID is assigne d. Step 4 Sele[...]

7-10 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 7 Configuring Mu ltiple SSIDs Config uring Mu ltiple Basic SSIDs Step 7 (Optional) In the Multiple BSSID Beacon Settings sectio n, select the Set SSID as Guest Mode check box to include the SSID in beacons. Step 8 (Optional) T o increase th e battery lif[...]

7-11 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 7 Conf iguring Multip le SSIDs Assigning IP Redirection for an SSID Assigning IP Redirection for an SSID When y ou conf igure IP red irection for an SSID, the ac cess point redirec ts all p acke ts se nt f rom cl ient de vices associa ted to that SSID to[...]

7-12 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 7 Configuring Mu ltiple SSIDs Assigning I P Redirectio n for an SSID Guidelines for Using IP Redirection Keep these guideline s in mind when usi ng IP redirec tion: • The acce ss point do es not re direct br oadcast, unicast, or multic ast BOOTP/DHCP p[...]

7-13 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 7 Conf iguring Multip le SSIDs Inclu ding an SSID in an SS IDL IE This exam ple sh ow s ho w to conf igur e IP re directio n only for pack ets sent to the specif ic TCP and UDP ports specif ied in an A CL applied to the BVI1 interfa ce. When t he acce ss[...]

7-14 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 7 Configuring Mu ltiple SSIDs NAC Suppor t for MBSSID N A C is d esigned specifically to help ensur e tha t all w ired and wire less e ndpoint d evices (such as PC s, laptops, servers, and PD As) accessing network resour ces ar e adequa tely protec ted f[...]

7-15 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 7 Conf iguring Multip le SSIDs NAC Support for MBSSID A new keyword, backup , is added to the existi ng vlan < name> | <id> under dot1 1 ssid < ssid> as describe d below: vlan <name>|<id> [backup <name>|<id>, <[...]

7-16 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 7 Configuring Mu ltiple SSIDs NAC Suppor t for MBSSID Configuring NAC for MBSSID Note This feature supports only Layer 2 mobility within VLANs. La yer 3 mobility using ne twork ID is not supported i n this feature . Note Be fore yo u attem pt to e nable [...]

7-17 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 7 Conf iguring Multip le SSIDs NAC Support for MBSSID authentication open authentication network-eap eap_methods ! dot11 ssid mktg vlan mktg-normal backup mktg-infected1, mktg-infected2, mktg-infected3 authentication open authentication network-eap eap_m[...]

7-18 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 7 Configuring Mu ltiple SSIDs NAC Suppor t for MBSSID[...]

CH A P T E R 8-1 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 8 Configuring Spanning T ree Protocol This ch apt er descib es how to co nfigure Span ning T ree Prot ocol ( STP) on your ac cess poi nt. Th is c hapter contai ns these s ections : • Understa nding Span ning T ree Proto col, page 8-2 • Configurin[...]

8-2 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapt er 8 Conf igur ing S pan ning Tree Pro toco l Underst anding Spa nning T ree Protocol Understandin g Spannin g Tree Protocol This se ction describe s how spanni ng-tre e fea tures work. It i ncludes t his inform ation : • STP Overview , page 8-2 • Acces[...]

8-3 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 8 Configuring Spa nning Tree Pro tocol Unde rsta ndin g Sp annin g Tr ee P rotoc ol The access p oint maintains a separate spann ing-tree insta nce for each a ctiv e VLAN conf igured on it. A bridge ID, consi sting of the bridge prior ity and the access p[...]

8-4 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapt er 8 Conf igur ing S pan ning Tree Pro toco l Underst anding Spa nning T ree Protocol When a access point recei ves a c onf iguratio n BPDU that co ntains superior inform ation (l ower access point ID, lower path co st, and so f orth) , it store s the in fo[...]

8-5 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 8 Configuring Spa nning Tree Pro tocol Unde rsta ndin g Sp annin g Tr ee P rotoc ol Spannin g-Tr ee Timers Ta b l e 8 - 1 desc ribes the t imers that affect the en tir e span nin g-tree perf orma nce. Creating the S pannin g-Tree To polo gy In Figure 8- 1[...]

8-6 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapt er 8 Conf igur ing S pan ning Tree Pro toco l Underst anding Spa nning T ree Protocol it can create temp orary data loops. Interfa ces m ust wait for new top ology informa tion to prop agat e through the LAN before starting to forw ard frames. Th ey must al[...]

8-7 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 8 Configuring Spa nning Tree Pro tocol Unde rsta ndin g Sp annin g Tr ee P rotoc ol 2. While spannin g tree w aits t he forwar d-delay timer t o expi re, it mov es the interfa ce to th e learnin g stat e and resets the forw ard- delay timer . 3. In the le[...]

8-8 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapt er 8 Conf igur ing S pan ning Tree Pro toco l Configur ing STP Feat ures Forwarding State An interf ace in th e forw ardin g state f orwar ds frame s. The inte rf ace enter s the for wardi ng state from th e learni ng state. An in terface i n the forward in[...]

8-9 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 8 Configuring Spa nning Tree Pro tocol Configuring STP Features The ra dio and Et hernet interfac es a nd the native VLAN on the a ccess p oint a re assi gned to bri dge group 1 by default. Whe n you enab le STP a nd assign a priorit y on bri dge group 1,[...]

8-10 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapt er 8 Conf igur ing S pan ning Tree Pro toco l Configur ing STP Feat ures STP Configu ration Ex amples These configurati on examples show how to enable STP on root and n on-root access p oints w ith and without VLAN s : • Root Br idge Without VLANs , page[...]

8-11 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 8 Configuring Spa nning Tree Pro tocol Configuring STP Features Non-Root Bridge Wi thout VLANs This exam ple sh ows the con figuration of a no n-root bridg e wi th no V LANs configured with STP enab led: hostname client-bridge-north ip subnet-zero ! brid[...]

8-12 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapt er 8 Conf igur ing S pan ning Tree Pro toco l Configur ing STP Feat ures ! interface Dot11Radio0 no ip address no ip route-cache ! ssid vlan1 vlan 1 infrastructure-ssid authentication open ! speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 rts threshold 2[...]

8-13 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 8 Configuring Spa nning Tree Pro tocol Configuring STP Features bridge 2 priority 10000 bridge 3 protocol ieee bridge 3 priority 3100 ! line con 0 exec-timeout 0 0 line vty 5 15 ! end Non-Root Bridge with V LANs This example shows the configurat ion of a[...]

8-14 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapt er 8 Conf igur ing S pan ning Tree Pro toco l Displaying Spanning-T ree Status encapsulation dot1Q 1 native no ip route-cache bridge-group 1 ! interface FastEthernet0.2 encapsulation dot1Q 2 no ip route-cache bridge-group 2 ! interface FastEthernet0.3 enca[...]

CH A P T E R 9-1 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 9 Configuring an Access Poin t as a Local Authentic ator This ch apter de scrib es ho w to co nf igure th e acce ss point a s a loca l authen ticator t o serv e as a s tand- alone authenti cator for a small wirel ess LAN or to p rov ide back up authe[...]

9-2 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 9 Configuring an Access Point as a Lo cal Authenticator Underst andin g Local Au thentic ation Understandin g Local Authen tication Many small wire less LANs that could be made more secure wit h 802.1x authenti cation do no t hav e acces s to a RADI US se[...]

9-3 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 9 Configuring an Access Point as a Local Aut henticator Confi guring a Loc a l Authent icat or Guidelines for Lo cal Authenticators Foll ow these g uidelines whe n conf iguring an access p oint a s a loca l authenti cator: • Use an acces s point th at d[...]

9-4 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 9 Configuring an Access Point as a Lo cal Authenticator Configur ing a Lo cal Authe ntica tor Step 3 radi us- server l oca l Enable the access point as a loca l authent icator an d enter conf iguration mod e for the authentica tor . Step 4 nas ip-addre ss[...]

9-5 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 9 Configuring an Access Point as a Local Aut henticator Confi guring a Loc a l Authent icat or This e xample sho ws how to set up a lo cal auth enticator used by thre e access point s with three user gro ups and several user s: AP# configure terminal AP(c[...]

9-6 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 9 Configuring an Access Point as a Lo cal Authenticator Configur ing a Lo cal Authe ntica tor AP(config-radsrv)# user 00095125d02b password 00095125d02b group cashiers AP(config-radsrv)# user 00079431f04a password 00079431f04a group cashiers AP(config-rad[...]

9-7 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 9 Configuring an Access Point as a Local Aut henticator Confi guring a Loc a l Authent icat or Each ti me the acce ss point trie s to use the main serve rs while the y are do wn, the client de vice trying to authenti cate might r eport an authen ticati on[...]

9-8 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 9 Configuring an Access Point as a Lo cal Authenticator Configur ing a Lo cal Authe ntica tor In th is exa mple, th e loc al authe nticat or gener ates a P A C for the user name joe , pas sw ord -pr otect s t he f ile with the password bingo , sets the P [...]

9-9 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 9 Configuring an Access Point as a Local Aut henticator Confi guring a Loc a l Authent icat or Limiting the Local Authenticator to One Authentication Type By default, a local au thentica tor acc ess point perf orms LEAP , EAP-F AST , and MA C-based authe [...]

9-10 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 9 Configuring an Access Point as a Lo cal Authenticator Configur ing a Lo cal Authe ntica tor The seco nd section lists sta ts for each ac cess point (N AS) authoriz ed to use the local au thentic ator . The EAP-F AST statistics in this section include t[...]

CH A P T E R 10-1 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 10 Configuring Cipher Suites and WEP This chapte r des cribes ho w to conf igure the c ipher suites requi red to use W i-Fi Pr otect ed Access (WP A) and Ci sco Cent ralize d Key Managemen t (CC KM) aut hentica ted key mana gement, W ired Equiv alen[...]

10-2 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 10 Configur ing Cip her Su ites and W EP Underst anding Cipher Suites and W EP Understandin g Cipher Suit es and WEP This se ction de scribe s how WEP an d ciph er suite s prote ct tra ff ic on you r wir eless LA N. Just as any one within ra nge of a rad[...]

10-3 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 10 Configur ing Cipher Suite s and WEP Config uring C ipher Suit es and WEP • TKIP (T e mporal Ke y Integrity Protoc ol)—TK IP is a suite of al gorithms surrou nding WE P that is designed to achie ve the best possible security on le gac y hardw are b[...]

10-4 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 10 Configur ing Cip her Su ites and W EP Configuring Cipher Suites an d WEP Beginning in privileged EXEC m ode, fol low these steps to crea te a WEP key and set the key propert ies: This example shows ho w to creat e a 128-bit WE P key in slot 3 for VLAN[...]

10-5 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 10 Configur ing Cipher Suite s and WEP Config uring C ipher Suit es and WEP WEP Key Restrictions T able 10-1 lists WEP key restriction s based on your sec urity configura tion. Example WEP Key Setup T able 10-2 sho ws an e xample WEP ke y setup tha t wou[...]

10-6 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 10 Configur ing Cip her Su ites and W EP Configuring Cipher Suites an d WEP Note If you enab le MIC but you use s tati c WEP (you do no t enab le any ty pe of EA P authen tica tion), both t he acces s point a nd an y de vices with whi ch it comm unicate [...]

10-7 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 10 Configur ing Cipher Suite s and WEP Config uring C ipher Suit es and WEP Use the no fo rm of the e ncryp tion co mman d to disable a ci pher suite. Matching Ciphe r Suites with WPA or CCKM If you co nfigure your acces s point to use WP A or CCKM a uth[...]

10-8 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 10 Configur ing Cip her Su ites and W EP Configuring Cipher Suites an d WEP Note If using W P A a nd CCKM as key manageme nt, onl y tkip and a es ci phers a re suppor ted. If using only CCKM as key managem ent, c kip, c mic, ckip-c mic, t kip, w ep, a nd[...]

10-9 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 10 Configur ing Cipher Suite s and WEP Config uring C ipher Suit es and WEP Beginn ing in pri vileg ed EXEC mode, follo w these steps to enable broadcast k ey rotation: Use the no fo rm of the e ncrypt ion co mman d to disable broa dcast key rotatio n. T[...]

10-10 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 10 Configur ing Cip her Su ites and W EP Configuring Cipher Suites an d WEP[...]

CH A P T E R 11-1 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 11 Configuring Authentication Types This c hapter des cribe s ho w to conf igure auth enticatio n type s on the ac cess poi nt. This ch apter co ntai ns these sectio ns: • Und erst andi ng Au thent icat ion T ype s, page 11-2 • Conf iguring Auth[...]

11-2 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 11 Configuring Authentication Types Underst andin g Authent ication Types Understandin g Authentica tion Types This secti on descri bes the au thent icatio n types that you can co nfigure on the acce ss point. Th e authent ication types a re tie d to the[...]

11-3 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 1 Configuring Au thentica tion Type s Underst anding Auth enticat ion T ypes Figur e 1 1 -1 Sequence fo r Open A uthentication Shared Key Authenticatio n to the Ac cess Poin t Cisco pro vides shared ke y a uthenticati o n to comply with th e IEEE 802.1[...]

11-4 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 11 Configuring Authentication Types Underst andin g Authent ication Types EAP Authentication to the Network This a uthent ication type p rovides the high es t lev el o f securit y fo r your wirel ess networ k. By using t he Extensibl e Authenti cation Pr[...]

11-5 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 1 Configuring Au thentica tion Type s Underst anding Auth enticat ion T ypes There is more th an one type of EAP authentic ation, b ut the access point be hav es the same w ay for e ach type: it relays aut hentication messa ges from the wireless client[...]

11-6 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 11 Configuring Authentication Types Underst andin g Authent ication Types Figur e 1 1 -4 Sequence f or MAC-Base d A uthentication Combining MAC-Based, EAP, and Open A uthentication Y o u can se t up the access poin t to auth enticate cl ient devi ces usi[...]

11-7 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 1 Configuring Au thentica tion Type s Underst anding Auth enticat ion T ypes Figure 11-5 shows the reassociation process using CCKM. Figur e 1 1 -5 Client Reas sociation Using CCKM Using WPA K ey Ma nagement W i-Fi Protec ted Ac cess (WP A) is a stan d[...]

11-8 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 11 Configuring Authentication Types Underst andin g Authent ication Types Figure 11-6 shows the WP A key managem ent proces s. Figur e 1 1 -6 WP A Ke y Man ageme nt Pr ocess Softwa re and F irmware Req uirements for WP A, CCKM, CKIP, and WPA-TKIP T able [...]

11-9 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 1 Configuring Au thentica tion Type s Underst anding Auth enticat ion T ypes T o support the security com binations in T able 11-1 , y our Cisco Aironet access poi nts and Ci sco Airon et client devices m ust run the f ollowing so ftware a nd firmware [...]

11-10 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 11 Configuring Authentication Types Configur ing Authe nticati on Types Note Whe n you configure TKIP - only c ipher encr yption (not TKIP + WEP 128 or TKIP + WE P 4 0 ) on any radio i nterface or VLAN , every SSID on that r adio o r VLA N must be set t[...]

11-11 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 1 Configuring Au thentica tion Type s Configuring Authentication Types Step 3 authe ntic ation ope n [ mac-addre ss list-name [ alte rnate ]] [[ optional ] eap list-n am e ] (Optional) Set th e authenticatio n type to open for this SSID. Open auth ent[...]

11-12 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 11 Configuring Authentication Types Configur ing Authe nticati on Types Step 5 authe ntic ation ne twork-e ap list-name [ mac-addre ss list-name ] (Optional) Set th e authenticatio n type for the SSID to Network- EAP . Usin g the Ext ensible Au thent ic[...]

11-13 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 1 Configuring Au thentica tion Type s Configuring Authentication Types Use the no form of the SSID comman ds to di sable the SSID or to dis able SSID feat ures. This e xample sets the authent ication type for the SSID ba tma n t o Networ k-EAP wi th C[...]

11-14 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 11 Configuring Authentication Types Configur ing Authe nticati on Types Configuring Additional WPA Set tings Use two o ptional settings to co nfigure a pre -sha red key on the a ccess po int an d adjust the fre quen cy of group key updates . Setting a P[...]

11-15 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 1 Configuring Au thentica tion Type s Configuring Authentication Types This exam ple shows how to con figure a pre -shar ed key for c lients using WP A and static WE P , with group key update op tions: ap# configure terminal ap(config-if)# ssid batman[...]

11-16 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 11 Configuring Authentication Types Configur ing Authe nticati on Types This e xample sho ws how to enable MA C authentication cach ing with a one-hour timeo ut: ap# configure terminal ap(config)# dot11 aaa mac-authen filter-cache timeout 3600 ap(config[...]

11-17 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 1 Configuring Au thentica tion Type s Configuring Authentication Types Use the no form of th ese comman ds to reset the v alues to d efault settings. Creating and Applying EAP Method Profiles for the 802.1X Supplicant This secti on describe s the opti[...]

11-18 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 11 Configuring Authentication Types Configur ing Authe nticati on Types Creating an EAP Metho d Profile Beginning in privileged exec mod e, foll ow these steps t o define a new EAP profile: Use the no command to nega te a command or set its def aults. U[...]

11-19 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 1 Configuring Au thentica tion Type s Matching Access Point and Client Device Authentication Types Applying an EAP P rofile t o an Up link SSID This ope ration typ ically appli es to repeat er acce ss points. Beginni ng in the privileged ex ec mode, f[...]

11-20 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 11 Configuring Authentication Types Matchi ng Access Point and Clien t Device Authentica tion Type s f T able 1 1 -2 Client and A ccess P oint Securi t y Set tings Security Feature Client Setting Access Point Setting Static WEP with open authentica tion[...]

11-21 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 1 Configuring Au thentica tion Type s Matching Access Point and Client Device Authentication Types 802.1X auth entic ation and CCKM Enable LEAP Sele ct a cip her suite and ena ble Network-EAP a nd CCKM for the SSID Note T o all ow both 802. 1X clients[...]

11-22 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 11 Configuring Authentication Types Matchi ng Access Point and Clien t Device Authentica tion Type s EAP-MD5 au thentica tion If using A CU to conf igure card Crea te a WEP k ey , ena ble Host Based EAP , and en able Use Static WEP Ke ys in ACU an d sel[...]

CH A P T E R 12-1 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 12 Configuring WDS, Fast Secure Roamin g, Radio Managemen t, and Wireless Intrusio n Detection Services This chap ter de scribe s ho w to conf igure your acces s points fo r wirel ess doma in services (WDS), fast, secure roaming of client devices, r[...]

12-2 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 12 Configur ing WDS, Fa st Secur e Roami ng, Ra dio Mana gement, a nd Wirel ess Intru sion Det ection Underst anding WD S Understandin g WDS When you con f igure W ireless D omain Services on yo ur ne twork, ac cess po ints on your wirele ss LAN use the [...]

12-3 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 2 Configuring WDS , Fast Secure Ro aming, Radi o Managem ent, and Wir eless In trusion Detect ion Servi ces Unders tanding Fast Secure Roaming Role of Ac cess Points Using the WDS Device The access points on your wir eless LAN interact with the WDS de [...]

12-4 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 12 Configur ing WDS, Fa st Secur e Roami ng, Ra dio Mana gement, a nd Wirel ess Intru sion Det ection Underst anding F ast Secure Roa ming Figur e 12-1 Client A uthentica tion Using a RADIU S Serve r When you configure yo ur w ireless L AN fo r fast, s e[...]

12-5 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 2 Configuring WDS , Fast Secure Ro aming, Radi o Managem ent, and Wir eless In trusion Detect ion Servi ces Unde rsta ndin g Radio Mana geme nt device. The WDS device f orwar ds the clie nt’ s crede ntials to th e new acc ess po int, and the new acc [...]

12-6 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 12 Configur ing WDS, Fa st Secur e Roami ng, Ra dio Mana gement, a nd Wirel ess Intru sion Det ection Underst anding Wi reless Intr usion Det ection Ser vices Figur e 12-3 Requir ed Components for La yer 3 Mobil ity Click this l ink to bro wse to the inf[...]

12-7 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 2 Configuring WDS , Fast Secure Ro aming, Radi o Managem ent, and Wir eless In trusion Detect ion Servi ces Confi guring WDS access points. The WLSE examines the BRIDGE MIB of each CDP-disco ve red switch to determine if the y contai n an y of the tar [...]

12-8 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 12 Configur ing WDS, Fa st Secur e Roami ng, Ra dio Mana gement, a nd Wirel ess Intru sion Det ection Conf igurin g WDS • Configuring t he Au thentica tion Server to Suppo rt W DS, pag e 12 -15 • Conf iguri ng WDS Only Mo de, page 12-1 9 • V iewing[...]

12-9 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 2 Configuring WDS , Fast Secure Ro aming, Radi o Managem ent, and Wir eless In trusion Detect ion Servi ces Confi guring WDS Figure 12-4 shows the requir ed configuratio n for each device that pa rticipat es in WDS. Figur e 12-4 Configuration s on Devi[...]

12-10 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 12 Configur ing WDS, Fa st Secur e Roami ng, Ra dio Mana gement, a nd Wirel ess Intru sion Det ection Conf igurin g WDS On the access poin t that you wan t to config ure as your primar y WDS access point, follo w these steps to conf igure the ac cess po[...]

12-11 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 2 Configuring WDS , Fast Secure Ro aming, Radi o Managem ent, and Wir eless In trusion Detect ion Servi ces Confi guring WDS Step 5 In the W ireless Domain Services Priority field, enter a priority number fro m 1 to 255 to set the priority of this WDS[...]

12-12 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 12 Configur ing WDS, Fa st Secur e Roami ng, Ra dio Mana gement, a nd Wirel ess Intru sion Det ection Conf igurin g WDS Figur e 12-7 WDS Serv er Gro ups P age Step 10 Crea te a group of servers to be used for 802. 1x authe ntication for the infrast ruct[...]

12-13 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 2 Configuring WDS , Fast Secure Ro aming, Radi o Managem ent, and Wir eless In trusion Detect ion Servi ces Confi guring WDS Step 14 Con figure the list of servers to be used for 802.1x au thent ication for client devices. Y ou can spe cify a separate[...]

12-14 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 12 Configur ing WDS, Fa st Secur e Roami ng, Ra dio Mana gement, a nd Wirel ess Intru sion Det ection Conf igurin g WDS Configuring Access Points to use the WDS Device Follow these ste ps to c onfigure an acc ess point to a uthent icate through the WDS [...]

12-15 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 2 Configuring WDS , Fast Secure Ro aming, Radi o Managem ent, and Wir eless In trusion Detect ion Servi ces Confi guring WDS The acce ss points th at you c onfi gure to interact with the WDS autom atically pe rform these ste ps: • Disco ver and trac[...]

12-16 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 12 Configur ing WDS, Fa st Secur e Roami ng, Ra dio Mana gement, a nd Wirel ess Intru sion Det ection Conf igurin g WDS Figur e 12-9 Netw or k Configuration P age Step 2 Click Add Entry unde r the AA A Client s table. The Ad d AAA C lient page appea rs.[...]

12-17 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 2 Configuring WDS , Fast Secure Ro aming, Radi o Managem ent, and Wir eless In trusion Detect ion Servi ces Confi guring WDS Figur e 12-1 0 Add AAA Client P age Step 3 In the AAA Client Ho stname f ield, en ter the name of the WDS de vice. Step 4 In t[...]

12-18 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 12 Configur ing WDS, Fa st Secur e Roami ng, Ra dio Mana gement, a nd Wirel ess Intru sion Det ection Conf igurin g WDS Step 9 Click U ser Setup t o brow se to the Use r Setup page. Y ou must use the User Setup page to create en tries for the acce ss po[...]

12-19 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 2 Configuring WDS , Fast Secure Ro aming, Radi o Managem ent, and Wir eless In trusion Detect ion Servi ces Confi guring WDS Step 13 Select Cisco Secure Da tabase from the Password Authent icatio n drop-down menu. Step 14 In the Password and Confirm P[...]

12-20 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 12 Configur ing WDS, Fa st Secur e Roami ng, Ra dio Mana gement, a nd Wirel ess Intru sion Det ection Conf igurin g WDS Viewing WDS Information On the web-bro wser interface, brow se to the W ir eless Services Summa ry page to vie w a summary of WDS sta[...]

12-21 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 2 Configuring WDS , Fast Secure Ro aming, Radi o Managem ent, and Wir eless In trusion Detect ion Servi ces Configuring Fast Secure Roaming Using Debu g Messag es In privileged exec mod e, use these debug comm ands t o cont rol t he disp lay of debug [...]

12-22 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 12 Configur ing WDS, Fa st Secur e Roami ng, Ra dio Mana gement, a nd Wirel ess Intru sion Det ection Configur ing Fast Secur e Roaming Configuring Access Points to Support Fa st Secure R oaming T o suppo rt fast, secur e roamin g, the access point s on[...]

12-23 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 2 Configuring WDS , Fast Secure Ro aming, Radi o Managem ent, and Wir eless In trusion Detect ion Servi ces Configuring Fast Secure Roaming Figur e 12-15 Global SSID Man ag er P age Step 6 On the SSID that supports CCKM, selec t these settings : b. If[...]

12-24 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 12 Configur ing WDS, Fa st Secur e Roami ng, Ra dio Mana gement, a nd Wirel ess Intru sion Det ection Configur ing Manage ment Fra me Protec tion d. Select Mandatory or Optional und er Aut henti cated K ey Manageme nt. If y ou select Mandatory , only cl[...]

12-25 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 2 Configuring WDS , Fast Secure Ro aming, Radi o Managem ent, and Wir eless In trusion Detect ion Servi ces Managem ent F rame Protect ion Infrastructu re MFP provides Infrast ructure support. Infra structure MFP utilizes a message integrity check (M [...]

12-26 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 12 Configur ing WDS, Fa st Secur e Roami ng, Ra dio Mana gement, a nd Wirel ess Intru sion Det ection Managem ent Frame Protectio n Client MFP ca n be c onf igur ed as either requir ed or optiona l for a pa rticul ar SSID. T o conf igur e Cli ent MFP as[...]

12-27 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 2 Configuring WDS , Fast Secure Ro aming, Radi o Managem ent, and Wir eless In trusion Detect ion Servi ces Confi guring Radio Manag ement Beginn ing in pri vileg ed EXEC mode, follo w these steps to confi gure the WDS: Configuri ng Radio Manage ment [...]

12-28 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 12 Configur ing WDS, Fa st Secur e Roami ng, Ra dio Mana gement, a nd Wirel ess Intru sion Det ection Configur ing Radio Ma nagemen t Step 2 Click WDS to bro wse to t he General Se tup pag e. Step 3 On the WDS/WN M Summary pa ge, clic k Settings to brow[...]

12-29 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 2 Configuring WDS , Fast Secure Ro aming, Radi o Managem ent, and Wir eless In trusion Detect ion Servi ces Configuring Access Points to Participate in WIDS Configuring Acce ss Points to Participate in WIDS T o participate in WIDS, access points must [...]

12-30 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 12 Configur ing WDS, Fa st Secur e Roami ng, Ra dio Mana gement, a nd Wirel ess Intru sion Det ection Configur ing Acces s Points to Participat e in WIDS Beginning in privileged EX EC mode, fol low these steps to con figure the ac cess poin t to captur [...]

12-31 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 2 Configuring WDS , Fast Secure Ro aming, Radi o Managem ent, and Wir eless In trusion Detect ion Servi ces Configuring WLSM Failover Configuring Mon itor Mode Limits Y o u can conf igure threshold valu es that the access point u ses in monitor mode. [...]

12-32 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 12 Configur ing WDS, Fa st Secur e Roami ng, Ra dio Mana gement, a nd Wirel ess Intru sion Det ection Configur ing WLSM Fa ilover the acti ve tunnels, which keeps data traf fic going between client and SUP . But because of the WLSM failur e, the control[...]

CH A P T E R 13-1 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 13 Configuring RADIUS and TACACS+ Servers This ch apter descr ibes h o w to en able and conf igure the Rem ote Auth enticati on Dial- In User Servic e (RADIUS) and T erminal A ccess Controll er Acce ss Contr ol Sys tem Plus (T ACA CS+), that p rovid[...]

13-2 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 13 Co nfig uring R ADI US and T ACAC S+ Serv ers Configur ing and Enab ling RADIU S Understanding RADIUS RADIUS is a distr ib uted clie nt/ser ver system that sec ures netw orks agai nst unauthorized acc ess. RADIUS c lients ru n on sup ported C isco dev[...]

13-3 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 13 Configur ing RADI US and TACA CS+ Servers Configuring and Enabling RADIUS Figur e 13-1 Sequen ce fo r EAP A uthentication In Step s 1 thr ough 9 in Fi gure 13-1 , a wireless clien t de vice and a RADIUS serv er on the wire d LAN use 802. 1x an d EAP t[...]

13-4 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 13 Co nfig uring R ADI US and T ACAC S+ Serv ers Configur ing and Enab ling RADIU S A metho d list defines th e seque nce an d methods to be used to aut hen ticate , to auth orize, or to keep accoun ts on a user. Y ou ca n use method l ists to designa te[...]

13-5 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 13 Configur ing RADI US and TACA CS+ Servers Configuring and Enabling RADIUS Y ou iden tify R ADIU S secu rity s ervers by the ir host name or I P add ress, host na me and specific U DP port num bers, or t heir I P addre ss and spec ific UDP port numb er[...]

13-6 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 13 Co nfig uring R ADI US and T ACAC S+ Serv ers Configur ing and Enab ling RADIU S Step 3 radius-server host { hostname | ip-addr ess } [ au th-p ort p ort- num ber ] [ acct-po rt port- num ber ] [ timeout second s ] [ retr ansmit r etries ] [ key str i[...]

13-7 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 13 Configur ing RADI US and TACA CS+ Servers Configuring and Enabling RADIUS T o remove th e specifie d RADIUS serve r , u se the no radius-ser ver host hostname | ip-add r ess global configurati on c ommand. This exam ple sho ws ho w to c onfi g ure o n[...]

13-8 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 13 Co nfig uring R ADI US and T ACAC S+ Serv ers Configur ing and Enab ling RADIU S T o disa ble A AA, u se t he no aaa new-model global co nfiguration comm and. T o di sable AAA authenti cation, use th e no aaa aut hentica tion log in { def ault | list-[...]

13-9 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 13 Configur ing RADI US and TACA CS+ Servers Configuring and Enabling RADIUS Defining AAA Server Groups Y o u can c onfi gure t he access point to use AAA serv er groups to group e xisting serv er host s for authenti cation. Y ou sele ct a subs et of the[...]

13-10 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 13 Co nfig uring R ADI US and T ACAC S+ Serv ers Configur ing and Enab ling RADIU S Step 3 radius-server host { hostname | ip-addr ess } [ au th-p ort p ort- num ber ] [ acct-po rt port- num ber ] [ timeout second s ] [ retr ansmit r etries ] [ key str [...]

13-11 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 13 Configur ing RADI US and TACA CS+ Servers Configuring and Enabling RADIUS T o remove th e specifie d RADIUS serve r , u se the no radius-ser ver host hostname | ip-add r ess global configurati on comm and. T o remove a server group fro m the configur[...]

13-12 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 13 Co nfig uring R ADI US and T ACAC S+ Serv ers Configur ing and Enab ling RADIU S Beginn ing in pri vileged E XEC mode, follo w these ste ps to specif y RADIUS aut horization for pri vile ged EXEC a ccess and n etwork ser vices: T o disable authoriza [...]

13-13 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 13 Configur ing RADI US and TACA CS+ Servers Configuring and Enabling RADIUS Note Wh en WD S is co nfigured, P oD req ues ts sho uld be di rect ed to t he WDS . The WDS forwar ds th e disassoci ation req uest to th e parent a ccess point and then p urge[...]

13-14 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 13 Co nfig uring R ADI US and T ACAC S+ Serv ers Configur ing and Enab ling RADIU S T o disabl e acco unting, use the no aaa accountin g { net work | exec } { star t-stop } method 1... gl obal configurati on c ommand. Selecting the CSID Format Y o u can[...]

13-15 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 13 Configur ing RADI US and TACA CS+ Servers Configuring and Enabling RADIUS Configuring Settings for All RADIUS S ervers Beginning in privileged EXEC mode , foll ow these steps to con figure gl obal com munica tion set tings between the acce ss point a[...]

13-16 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 13 Co nfig uring R ADI US and T ACAC S+ Serv ers Configur ing and Enab ling RADIU S This e xample sho ws ho w to set up two main servers and a local au thenticator wi th a server dead time of 10 minutes: AP(config)# aaa new-model AP(config)# radius-serv[...]

13-17 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 13 Configur ing RADI US and TACA CS+ Servers Configuring and Enabling RADIUS For a complete list of RADIUS attrib utes or more informat ion ab out VSA 26, refe r to the “ RADIU S Attributes” a ppendix in the Cisc o IOS Secu rity Configuration Guide [...]

13-18 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 13 Co nfig uring R ADI US and T ACAC S+ Serv ers Configur ing and Enab ling RADIU S T o delete the vendor-proprietary RADIU S host, use the no radius-serv er host { hostnam e | ip-a dd ress } non-standard global c onfigurat ion comm and. T o disa ble th[...]

13-19 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 13 Configur ing RADI US and TACA CS+ Servers Configuring and Enabling RADIUS Beginn ing in pri vileg ed EXEC mode, follo w these steps to specify WISPr RADIUS attrib u tes on the acces s point: This example shows ho w to configure the WISPr locatio n-na[...]

13-20 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 13 Co nfig uring R ADI US and T ACAC S+ Serv ers Configur ing and Enab ling RADIU S RADIUS Attributes S ent by the Ac cess Poin t T able 13-2 through Ta b l e 1 3 - 6 identify the at trib utes sen t by an acces s poin t to a clien t in access -requ est,[...]

13-21 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 13 Configur ing RADI US and TACA CS+ Servers Configuring and Enabling RADIUS T able 13-4 At tribut es Sent in A ccounting -Reques t (star t) P ack ets Attribute ID Description 1U s e r - N a m e 4 N AS-IP-Address 5N A S - P o r t 6S e r v i c e - T y p [...]

13-22 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 13 Co nfig uring R ADI US and T ACAC S+ Serv ers Configur ing and Enab ling RADIU S Note By default, the access point sen ds reauthentica tion requests to the authenti cation server with the service-typ e attrib ute set to authe nticate-only . Howe ver [...]

13-23 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 13 Configur ing RADI US and TACA CS+ Servers Conf igurin g and Ena bling TAC ACS+ Configuring and Enabling T ACACS+ This se ction c ontains this c onfiguratio n infor mation: • Understa nding T A CA C S+, page 13- 23 • T A CA CS+ Opera tion, pa ge 1[...]

13-24 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 13 Co nfig uring R ADI US and T ACAC S+ Serv ers Configuring and Enabli ng TACACS+ TACACS+ Ope ration When an adm inistra tor att empts a simp le ASCI I login by authen tica ting to an ac cess point using T A CA CS+, thi s process occurs: 1. When the co[...]

13-25 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 13 Configur ing RADI US and TACA CS+ Servers Conf igurin g and Ena bling TAC ACS+ This se ction c ontains this c onfiguratio n infor mation: • Default T A CACS+ Conf igurati on, page 13 -25 • Identifyin g the T A CA CS+ Server Ho st and Sett ing the[...]

13-26 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 13 Co nfig uring R ADI US and T ACAC S+ Serv ers Configuring and Enabli ng TACACS+ T o remov e the specif ied T A C A CS+ serv er name or add ress, use the no tacac s-s erver hos t hostnam e global configurat ion comm an d. T o remove a server group fro[...]

13-27 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 13 Configur ing RADI US and TACA CS+ Servers Conf igurin g and Ena bling TAC ACS+ T o disa ble A AA, u se t he no aaa new-model global co nfiguration comm and. T o di sable AAA authenti cation, use th e no aaa aut hentica tion log in { def ault | list-n[...]

13-28 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 13 Co nfig uring R ADI US and T ACAC S+ Serv ers Configuring and Enabli ng TACACS+ The aaa authorization exec taca cs+ local command sets these au thorization para meters: • Use T A CACS+ for pri vileg ed EXEC acc ess authorizatio n if authentic ation[...]

13-29 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 13 Configur ing RADI US and TACA CS+ Servers Conf igurin g and Ena bling TAC ACS+ T o disabl e acco unting, use the no aaa ac counting { netw ork | exec } { s tart-stop } method1... glob al configurati on c ommand. Displayi ng the TA CACS+ Con figurat i[...]

13-30 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 13 Co nfig uring R ADI US and T ACAC S+ Serv ers Configuring and Enabli ng TACACS+[...]

CH A P T E R 14-1 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 14 Configuring VLANs This chapte r describes ho w to conf igure your access point to operate with the VLANs set up on your wired L AN. These section s desc ribe how to c onfigure yo ur acc ess po int to support VLANs : • Understa nding V LANs , pa[...]

14-2 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 14 Configuring VLANs Underst anding VL ANs Understandin g VLANs A VLAN is a switched netw ork that is logically se gmented, b y functions, project teams, or ap plications rather than on a physical or geograph ical basis. For exampl e, all worksta tions a[...]

14-3 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 4 Configuring VLANs Unde rsta ndin g VLAN s Figur e 14- 1 LAN and VL AN Segmentatio n with Wir eless De vices Relate d Documents These docum ents pr ovide m ore de tailed inform ation per taining to V LAN de sign a nd c onfiguration : • Cisco IO S Sw[...]

14-4 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 14 Configuring VLANs Conf igu rin g VLAN s Incorporating Wireless Devices into VLANs The ba sic wireless c ompon ents of a V LAN c onsi st of a n acce ss point and a cli ent ass ociat ed to it usi ng wireless te chnology . The acc ess poin t is physical [...]

14-5 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 4 Configuring VLANs Config uring VL ANs Configuring a VLAN Note Whe n you configure V LANs on acc ess po ints, the na tive VLAN must be VLAN1. In a si ngle archi tecture , clie nt tr aff ic rec eiv ed by t he acc ess poi nt is tunnel ed th rough an IP-[...]

14-6 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 14 Configuring VLANs Conf igu rin g VLAN s Step 3 ssi d ssid-string Create an SSID a nd ente r SSID co nfiguration mode fo r the new SSID. T he SSID ca n c onsist o f up t o 32 al phanume ric charac ters. SSID s are case sens iti ve. The SSID c an cons i[...]

14-7 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 4 Configuring VLANs Config uring VL ANs This example shows how to: • Name an SSID • Assign the SSID to a VLAN • Enab le the VLAN on t he radi o an d Ethe rnet p orts as the native VLA N ap1200# configure terminal ap1200(config)# interface dot11ra[...]

14-8 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 14 Configuring VLANs Conf igu rin g VLAN s Creating a VLAN Name Beginn ing in pri vileg ed EXEC mode, follo w these steps to assign a name to a VLAN: Use the no form of the c ommand to r emov e the name from the VLAN. Use the show dot11 vlan-name pri vil[...]

14-9 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 4 Configuring VLANs Config uring VL ANs Using a RADIUS Server for Dy namic Mobility Gr oup Assignment Y ou can configur e a R ADIUS s erver to dy namical ly assign mobilit y gro ups to use rs or us er groups. This elimin ates th e need to configure mul[...]

14-10 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 14 Configuring VLANs VLAN Conf iguration Ex ample Virtual-Dot11Radio0 Protocols Configured: Address: Received: Transmitted: Bridging Bridge Group 1 201688 0 Bridging Bridge Group 1 201688 0 Bridging Bridge Group 1 201688 0 Virtual LAN ID: 2 (IEEE 802.1Q[...]

14-11 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 4 Configuring VLANs VLAN Confi guration Exam ple 4. Configure VLA N 1, the Manage ment V LAN, on both th e fastEthe rnet an d dot11 radio int erface s on the access point. Y ou should make this VLAN the nati ve VLAN. 5. Configure VLANs 2 an d 3 on bot[...]

14-12 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 14 Configuring VLANs VLAN Conf iguration Ex ample T able 14-3 shows the results of the conf iguration commands in Ta b l e 1 4 - 2 . Use the show running comman d to display the r unning c onfigurat ion on the a ccess poi nt. Notice that when you c onfi[...]

CH A P T E R 15-1 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 15 Configuring QoS This chapt er describes ho w to configur e quality of servi ce (QoS) on your ac cess point. W ith this feature, you can pro vide pr eferen tial tr eatment to cert ain traf fic a t the e xpense o f ot hers. W ithout Qo S, the ac ce[...]

15-2 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapt er 15 Conf igur ing Q oS Unde rstan din g QoS for W irele ss LA Ns Understandin g QoS for Wireles s LANs T ypically , netw orks oper ate on a best-ef fort deli v ery basis, wh ich means th at all t r af fi c has eq ual prior ity and an equ al chance of bei[...]

15-3 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 5 Configuring Qo S Understanding QoS for Wireless LANs QoS on the wir eless LAN focu ses on do wnstream p rioritization from the acce ss point. Figure 1 5-1 shows the up stream and downst ream t raff ic flow . Figur e 15-1 Upstr eam and Do wnstr eam T [...]

15-4 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapt er 15 Conf igur ing Q oS Unde rstan din g QoS for W irele ss LA Ns Note This releas e conti nues to sup port existin g 7920 w ireless pho ne firmware. D o not atte mpt to us e the new standard (IE EE 802. 11e dra ft 13) QBSS Loa d IE w ith th e 792 0 W ire[...]

15-5 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 5 Configuring Qo S Confi guring Qo S Configuring QoS QoS is d isabled by de fault ( howev er , the rad io int erface always hon ors tagg ed 80 2.1P pa ckets even when you have not confi gured a QoS policy). This sectio n describes how to configure QoS [...]

15-6 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapt er 15 Conf igur ing Q oS Conf igurin g QoS Figur e 15-2 QoS P olicies P age Step 3 Wi t h <NEW> selected in the Create /Edit Polic y f ield, t ype a name f or the QoS polic y in the Po licy Na me entry field. The name can cont ain up to 25 alphanu me[...]

15-7 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 5 Configuring Qo S Confi guring Qo S Step 4 If the pa ckets that you need to prioritiz e contain I P precedenc e informa tion in the IP h eader T OS f ield, select an IP preceden ce cla ssif ication from the I P Prece dence d rop- do wn men u. Menu sel[...]

15-8 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapt er 15 Conf igur ing Q oS Conf igurin g QoS • Class Selector 1 • Class Selector 2 • Class Selector 3 • Class Selector 4 • Class Selector 5 • Class Selector 6 • Class Selector 7 • Expedi ted Forward ing Step 8 Use the Apply Class of Servi ce [...]

15-9 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 5 Configuring Qo S Confi guring Qo S Step 19 Click the Apply b u tton at the bot tom of the page to appl y the polic ies to the acc ess point por ts. The QoS Po licies Advan ced Page The Qo S Poli cies Adv anced pa ge ( Figure 15 -3 ) Figur e 15-3 QoS [...]

15-10 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapt er 15 Conf igur ing Q oS Conf igurin g QoS IGMP Snooping When Inte rnet G roup Me mbershi p Protoc ol (IGMP) snooping is en abled o n a switch and a client roams from one ac cess point to ano the r , th e client s’ multi cas t session is dropp ed. Whe n[...]

15-11 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 5 Configuring Qo S Confi guring Qo S Figure 15-4 shows the Radio Acc ess Categories page. Dual-ra dio acce ss points have a Radio Access Categories page for each ra dio. Figu re 15-4 Radi o Access Categories Pag e T able 15-1 Def ault QoS Radio A cces[...]

15-12 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapt er 15 Conf igur ing Q oS Conf igurin g QoS Note In this re lease, c lients are blocked f rom usin g an ac cess category w hen y ou sele ct Enabl e for Ad miss ion Control. Configuring Nominal Rates When an ac cess point r ecei ves an ADDTS (add traf fic s[...]

15-13 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 5 Configuring Qo S Confi guring Qo S Step 3 Enter the ma ximu m perce ntage of th e chann el to be use d for voic e in t he Max Channel Capacity (%) fie ld . Step 4 Enter th e maximum p ercentage o f the c hannel to u se for ro aming call s in the Roa[...]

15-14 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapt er 15 Conf igur ing Q oS QoS Configura tion Examp les QoS Configuration Exa mples These sec tions descr ibe two comm on uses for QoS: • Gi v ing Prior ity to V oice T raf f ic, page 15-14 • Giving Priority to V i deo Traf fic, page 15-15 Giving Priori[...]

15-15 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 5 Configuring Qo S QoS Conf igurat ion Ex amples Figur e 15-5 QoS P olicies P age f or V oice Examp le The ne twork admi nis trato r als o enab les th e QoS element for wir eless phones setting on the QoS Policies - Adv anced page. Th is setting gi ve[...]

15-16 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapt er 15 Conf igur ing Q oS QoS Configura tion Examp les Figur e 15-6 QoS P olicies P age f or V ideo Exam ple[...]

CH A P T E R 16-1 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 16 Configuring Filters This chap ter describes ho w to configu re and manage MA C address, IP , and E thertype f ilters on the access point usi ng th e web- browser int erface. T his chap ter cont ains th ese se ctions: • Understan ding Filters, p[...]

16-2 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapt er 16 Config uring Fil ters Underst anding F ilters Understandin g Filters Protocol filters (IP pr otocol, IP por t, and Ethe rtype) pre vent or allow the use of specific protoc ols through the ac cess poin t’ s E therne t and radio p orts. Y ou can set [...]

16-3 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 6 Configuring Fi lters Configuring Filters Using th e Web-Browser Interface Configuring Filters Using the Web-Browser Interface This sect ion describes how to conf igure and enable f ilter s using the web-bro wser interface . Y ou c omplete two s teps [...]

16-4 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapt er 16 Config uring Fil ters Con figur ing Filt ers Us in g the Web -Brow se r Inter fa ce Figur e 16-1 MAC A ddr ess Filt ers P ag e Foll ow this lin k path to reach the Address Filters page: 1. Click Serv ices in the page navigation bar . 2. In the Servi [...]

16-5 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 6 Configuring Fi lters Configuring Filters Using th e Web-Browser Interface Step 5 Use the M ask entry f ield to indicate how man y bits, f rom left t o right, the fi lter che cks aga inst the M A C address. For examp le, to require an exa ct match w i[...]

16-6 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapt er 16 Config uring Fil ters Con figur ing Filt ers Us in g the Web -Brow se r Inter fa ce If clients ar e not filtere d immedia tely , c lick Reload on the System Configurati on page to re start the access point. T o re ach t he System C onfiguratio n page[...]

16-7 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 6 Configuring Fi lters Configuring Filters Using th e Web-Browser Interface Step 3 Click Adv anced Security to browse to the Advan ced Security: MA C Address Authenticat ion page. Figure 16-4 shows the MA C Address A uthentica tion page . Figur e 16-4 [...]

16-8 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapt er 16 Config uring Fil ters Con figur ing Filt ers Us in g the Web -Brow se r Inter fa ce Step 6 Click A pply . Creating a Time -Based AC L T ime-based A CLs are A CLs that ca n be enabled or di sabled for a specif ic period of time. This cap ability provi[...]

16-9 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 6 Configuring Fi lters Configuring Filters Using th e Web-Browser Interface ACL Logging A CL logging is not support ed on the br idging int erfaces of AP platf orms. Whe n appli ed on bridgin g interface, it will work as if configured without “log”[...]

16-10 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapt er 16 Config uring Fil ters Con figur ing Filt ers Us in g the Web -Brow se r Inter fa ce Figu re 16-6 IP F ilters Page Foll ow this link path to reach the IP Fil ters page: 1. Click Serv ices in the page navigation bar . 2. In the Servi ces page list, cl[...]

16-11 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 6 Configuring Fi lters Configuring Filters Using th e Web-Browser Interface Creating an IP Filter Foll ow th ese steps to create an IP f ilter: Step 1 Foll ow th e link path to the IP Filters page. Step 2 If you are cr eating a ne w filter , make sure[...]

16-12 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapt er 16 Config uring Fil ters Con figur ing Filt ers Us in g the Web -Brow se r Inter fa ce Step 15 When the filt er is complet e, click Appl y . The f ilter is sa ved on the acc ess point, bu t it is not enabled until you apply it o n the Apply Filters pag[...]

16-13 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 6 Configuring Fi lters Configuring Filters Using th e Web-Browser Interface Figu re 16-8 Et herty pe Fi lters Pag e Foll ow th is link path to reach the Ethertype Filte rs page: 1. Click Serv ices in the page navigation bar . 2. In the Servi ces page [...]

16-14 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapt er 16 Config uring Fil ters Con figur ing Filt ers Us in g the Web -Brow se r Inter fa ce Step 7 Click Add . The Ethertype ap pears in the Filte rs Classes f ield. T o remov e the Eth ertype from t he Filters Classes list, select it and click Delete Clas [...]

CH A P T E R 17-1 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 17 Configuring CDP This c hapter d escrib es how to configure Cisco Discovery Protoco l (CD P) on your ac cess poi nt. Note For comp lete synt ax and u sage in formation for the commands used i n this c hapter , refer to the Cisco Air o net IOS Comm[...]

17-2 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapte r 17 Co nfigu ring CD P Underst anding CD P Understandin g CDP Cisco Disc overy Protocol (CDP) is a device-discovery prot ocol th at run s on a ll Cisc o network equipment . Each de vice sends identifyin g messages to a multic ast address, a nd each de v [...]

17-3 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 7 Configuring CDP Configuring CDP Use the no form of the CDP commands to return to the def ault settings. This e xample sho ws how to confi g ure and v erify CDP character istics: AP# configure terminal AP(config)# cdp holdtime 120 AP(config)# cdp time[...]

17-4 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapte r 17 Co nfigu ring CD P Monito ring and Mai ntainin g CDP This example shows how to enable C DP . AP# configure terminal AP(config)# cdp run AP(config)# end Disabling an d Enabling CDP on a n Interface CDP is enabled by def ault on all supported interf ac[...]

17-5 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 7 Configuring CDP Monitoring and Maintaining CDP Below are six examples of o utput from the CD P show privileged EXEC c omma nds: AP# show cdp Global CDP information: Sending CDP packets every 50 seconds Sending a holdtime value of 120 seconds AP# show[...]

17-6 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapte r 17 Co nfigu ring CD P Monito ring and Mai ntainin g CDP Device ID: idf2-1-lab-l3.cisco.com Entry address(es): IP address: 10.1.1.10 Platform: cisco WS-C3524-XL, Capabilities: Trans-Bridge Switch Interface: GigabitEthernet0/1, Port ID (outgoing port): Fa[...]

17-7 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 7 Configuring CDP Monitoring and Maintaining CDP AP# show cdp neighbor Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater Device IDLocal InterfaceHoldtmeCapabilityPlatformPort ID Perdido[...]

17-8 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapte r 17 Co nfigu ring CD P Monito ring and Mai ntainin g CDP[...]

CH A P T E R 18-1 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 18 Configuring SNMP This chapt er describ es how to conf igure the Sim ple Network Mana gement Protocol (SNM P) on your acces s point. Note For comp lete syntax and usa ge inform ation for the co mmands used in this c hapter , refer to the C isc o I[...]

18-2 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 18 Co nfiguring SNMP Underst anding SNM P Understandin g SNMP SNMP is an ap plicat ion-laye r protoc ol that provide s a message format for commu nicati on betwee n SNMP man agers an d agents . The SNMP manage r can be pa rt of a n etwork m anagemen t sy[...]

18-3 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 18 Configur ing SNMP Underst andin g SNMP T able 18-1 lists the SNMP versions a nd security lev els supported on ac cess poin ts: For detailed information on SNMPv 3, click this link to bro wse to the New F eatur e Docu ment ati on for Cisco IOS Re lease[...]

18-4 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 18 Co nfiguring SNMP Underst anding SNM P SNMP Agen t Fun ctions The SNMP a gent responds to SNMP manager requests as follo ws: • Get a MIB v ariable —The SNMP agent be gins this function in response to a request from the NMS. The agent r etrie ve s [...]

18-5 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 18 Configur ing SNMP Configuring SNMP Configuring SNMP This se ction de scribe s how to configure SNMP on your acces s point . It con tains this con figuration inform ation: • Default SNMP Con figuration, page 18-5 • Enab lin g the S NMP Ag en t, p a[...]

18-6 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 18 Co nfiguring SNMP Conf igurin g SNMP Configuring Community Strings Y ou use the SNMP commun ity str ing to define the r elationshi p bet ween the SNM P mana ger a nd the agent. T he community string acts lik e a password to permit ac cess to the agen [...]

18-7 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 18 Configur ing SNMP Configuring SNMP T o disabl e acce ss for an SNM P commun ity , s et the commu nity string for that co mmunity to t he null string (d o not enter a value for th e communi ty string ). T o remove a specific communit y string, use the [...]

18-8 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 18 Co nfiguring SNMP Conf igurin g SNMP Configuring SNMP-Server Hosts T o configur e the recipien t of an SNMP trap operatio n, use the follo wing command in global configurati on m ode: Configuring SNMP-Server Users T o configure a ne w use r to a n SNM[...]

18-9 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 18 Configur ing SNMP Configuring SNMP Some noti fication type s cannot be c ontroll ed with t he s nmp -server en abl e global con figuration comm and, su ch as udp-port . These noti fi cation types are al wa ys enable d. Y ou can use the snmp- serv er h[...]

18-10 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 18 Co nfiguring SNMP Conf igurin g SNMP T o remove th e specifie d host from recei ving traps, use the no snm p- server ho st host globa l configurati on c ommand. T o disabl e a spe cific tr ap type , use the no snmp-ser ver enable traps notification-t[...]

18-11 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 18 Configur ing SNMP Configuring SNMP This example shows how to assign the stri ngs open and ieee to SNMP , to al lo w re ad-wri te a ccess for both, and to speci fy t hat open is the communit y string for quer ies on non-I EEE802d ot11-MIB obj ects and[...]

18-12 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 18 Co nfiguring SNMP Displaying SNMP Status AP(config)# snmp-server group admin v3 priv read iso write iso AP(config)# snmp-server user joe admin v3 auth md5 xyz123 priv des56 key007 AP(config)# snmp-server user fred admin v3 encrypted auth md5 abc789 p[...]

CH A P T E R 19-1 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 19 Configuring Repeater a nd Standby Access Po ints and Workgroup Bridge Mod e This chap ter de scribe s ho w to conf igure your acces s point as a rep eater , as a hot stan db y unit, or as a workgroup br idge. Th is chapter contains these secti on[...]

19-2 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapte r 19 Configuri ng Repeat er and S tandby Acc ess Point s and Wor kgroup Brid ge Mode Underst anding Rep eater Acce ss Poi nts Understandin g Repeate r Access Points A repeater ac cess point is not connected to the wired LAN; it is placed within radio rang[...]

19-3 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 1 9 Configuring Repe ater and Stan dby Acces s Points and Workgroup Bridge Mode Confi guring a Repeater Access Po int Figur e 19-1 Acces s P oint as a Rep eat er Configuring a Repea ter Access Point This se ction p rovid es instr uction s for se tting up[...]

19-4 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapte r 19 Configuri ng Repeat er and S tandby Acc ess Point s and Wor kgroup Brid ge Mode Configur ing a Repeater A ccess Poin t Default Configuration Access points are co nf igured as root units b y default. Ta b l e 1 9 - 1 shows th e def ault v alues fo r s[...]

19-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Access Points OL-21881-03 Chapter 19 Configuring Repeater and Standby Access Poin ts and Workgroup Bridge Mode Configuring a Repeater Access Point Setting Up a Repeater Beginning in Pri vileged Ex ec mode, follow these steps to conf igure an access point as a repeater: Command Purpose S[...]

19-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 19 Configur ing Repeater and Stan dby Access Points and Workgroup Br idge Mode Aligning Antennas The follo wing example sho ws how to set up a repeat er access point with three p otential parents, designated 1 t o 3: AP# configure terminal AP(config)# [...]

19-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Access Points OL-21881-03 Chapter 19 Configuring Repeater and Standby Access Poin ts and Workgroup Bridge Mode Aligning Antennas Use the show dot11 antenna-alignment command to list the MA C addresses and signal level for the last 10 de vices that responded to the pr obe. Verifying Repe[...]

19-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 19 Configur ing Repeater and Stan dby Access Points and Workgroup Br idge Mode Aligning Antennas Setting Up a Repeater As a WPA Client WP A key management uses a combination of encr yption methods to protect communi cation between client devices and th[...]

19-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Access Points OL-21881-03 Chapter 19 Configuring Repeater and Standby Access Poin ts and Workgroup Bridge Mode Understanding Hot Standby Understanding Hot Standby Hot Standby mode designates an access point as a backup for another access point. The standby access point is placed near th[...]

19-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 19 Configur ing Repeater and Stan dby Access Points and Workgroup Br idge Mode Configuring a Hot Standby Access Point Configuring a Hot Standby Access Point When you set up the standby access point, you must enter the MA C addr ess of the access point[...]

19-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Access Points OL-21881-03 Chapter 19 Configuring Repeater and Standby Access Poin ts and Workgroup Bridge Mode Configuring a Hot Standby Access Po int Beginning in Pri vileged Ex ec mode, follow these steps to enable hot standby mode on an access point: Command Purpose Step 1 configur [...]

19-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 19 Configur ing Repeater and Stan dby Access Points and Workgroup Br idge Mode Configuring a Hot Standby Access Point After you enable standb y mode, configure the setti ngs that you recorded from the monitored access point to match on the standb y ac[...]

19-13 Cisco IOS Software Configuratio n Guide for Cisco Aironet Access Points OL-21881-03 Chapter 19 Configuring Repeater and Standby Access Poin ts and Workgroup Bridge Mode Understanding Workgroup Bridge Mode Use this command to check the stand by conf iguration: show iapp standby-parms This command display s the MA C address of the standby acces[...]

19-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 19 Configur ing Repeater and Stan dby Access Points and Workgroup Br idge Mode Understanding Wo rkgroup Bridge Mode Caution An access point in workgroup bridge mode can introd uce a bridge loop if you co nnect its Ethernet port to your wired LAN. T o [...]

19-15 Cisco IOS Software Configuratio n Guide for Cisco Aironet Access Points OL-21881-03 Chapter 19 Configuring Repeater and Standby Access Poin ts and Workgroup Bridge Mode Understanding Workgroup Bridge Mode Figure 19-2 sho ws an a ccess point in workgroup br idge mode. Figur e 19 -2 Access P oint in W ork group Br idge Mo de Treating Workgroup [...]

19-16 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 19 Configur ing Repeater and Stan dby Access Points and Workgroup Br idge Mode Understanding Wo rkgroup Bridge Mode bridges, t hat can ass ociate t o an access point or bridge. T o increase beyond 20 the number of w orkgroup bridges that can associate[...]

19-17 Cisco IOS Software Configuratio n Guide for Cisco Aironet Access Points OL-21881-03 Chapter 19 Configuring Repeater and Standby Access Poin ts and Workgroup Bridge Mode Workgroup Bridge VLAN Tagging The follo wing e xample sho ws ho w the command is used . In the example, channels 1, 6, and 11 are specified to scan: ap# ap#confure terminal En[...]

19-18 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 19 Configur ing Repeater and Stan dby Access Points and Workgroup Br idge Mode Configuring Work group Bridge Mode In the upstream direction, WGB remo ves the 802 .1q he ader from the pack et while sending to the WLC. In the downst ream direction while[...]

19-19 Cisco IOS Software Configuratio n Guide for Cisco Aironet Access Points OL-21881-03 Chapter 19 Configuring Repeater and Standby Access Poin ts and Workgroup Bridge Mode Configuring Workgroup Bridge Mode This exampl e show s how to conf igure an 1100 series access point as a workgroup bri dge. In this exam ple, the workgrou p bridge uses the c[...]

19-20 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 19 Configur ing Repeater and Stan dby Access Points and Workgroup Br idge Mode Using Workgroup Bridge s in a Lightweight Environment This example sho ws how to set up a w orkgroup bridge with the parent access points, designated 1 and 2: AP(config-if)[...]

19-21 Cisco IOS Software Configuratio n Guide for Cisco Aironet Access Points OL-21881-03 Chapter 19 Configuring Repeater and Standby Access Poin ts and Workgroup Bridge Mode Using Workgroup Bridges in a Lig htweight Environment • The workgroup bridge can be any autonomous acce ss point that supports the workgroup bridge mode and is running Cisco[...]

19-22 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 19 Configur ing Repeater and Stan dby Access Points and Workgroup Br idge Mode Using Workgroup Bridge s in a Lightweight Environment • When you delete a workgroup br idge record from the controller , all of the workgroup bridg e wired clients’ rec[...]

19-23 Cisco IOS Software Configuratio n Guide for Cisco Aironet Access Points OL-21881-03 Chapter 19 Configuring Repeater and Standby Access Poin ts and Workgroup Bridge Mode Using Workgroup Bridges in a Lig htweight Environment Enabling VideoStream Suppo rt on Workgroup Bridges V ideoStream impro ves the reliabil ity of an IP multicast stream by c[...]

19-24 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 19 Configur ing Repeater and Stan dby Access Points and Workgroup Br idge Mode Using Workgroup Bridge s in a Lightweight Environment[...]

CH A P T E R 20-1 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 20 Managing Firmwa re and Configura tions This ch apter descri bes how to mani pulate the Fla sh file syste m, how to copy con figuration files, a nd how to arch iv e (upload and down load) s oftwar e images . Note For comp lete syntax and usa ge in[...]

20-2 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 20 Managing Firmware and Configurations Working w ith the Flash F ile System Displaying Available File Systems T o display t he available file s ystems o n your access point, use th e show file systems pri vileged EXEC comm and as s hown in this exam ple[...]

20-3 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 2 0 Managing Firm ware and Configurat ions Working with the Flash File System Setting the Def ault File System Y o u can specify th e f ile sy stem or direct ory that t he system uses a s the def ault file system b y using the cd filesystem: pri vile ged[...]

20-4 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 20 Managing Firmware and Configurations Working w ith the Flash F ile System Creating and Remov ing Directo ries Beginning i n privileged E XEC mode, follow these ste ps to c reat e and remove a d irector y: T o delete a directory with all its f iles and[...]

20-5 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 2 0 Managing Firm ware and Configurat ions Working with the Flash File System • From a start u p conf iguration to a star tup conf igurati on • From a de vice to the same de vice (for e xampl e, the copy flash: flash: comm an d is i n valid ) For spe[...]

20-6 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 20 Managing Firmware and Configurations Working w ith the Flash F ile System • For the T rivial Fil e T ransfer Protocol (TFTP), the synt ax is tftp: [[ // lo cation ] / dir ecto ry ] / ta r -file name .tar The tar -file name .ta r is th e tar f ile to[...]

20-7 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 2 0 Managing Firm ware and Configurat ions Working with Configuration Files Extracting a tar File T o extract a tar f ile into a director y on the Flash fi le system, use this pri vileged EXEC command: ar chiv e tar /xtract sour ce-url flash :/ file- url[...]

20-8 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 20 Managing Firmware and Configurations Working w ith Configur ation Files Y ou can co py ( dow nloa d ) configuratio n files from a T FTP , FTP , or RCP se rver to the ru nning configurati on of the ac cess point for various reasons: • T o restore a b[...]

20-9 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 2 0 Managing Firm ware and Configurat ions Working with Configuration Files conf iguration is us ed. Ho we ve r , so me commands in the exi sting conf igurat ion might not be replace d or ne gated. In th is case, the re sulting conf iguration fi le is a [...]

20-10 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 20 Managing Firmware and Configurations Working w ith Configur ation Files Preparing to Download or Uploa d a Configuration File by Using TFTP Before yo u begin dow nload ing or uplo ading a co nfiguration file by using TFTP , perfor m these task s: •[...]

20-11 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 2 0 Managing Firm ware and Configurat ions Working with Configuration Files The conf iguration f ile do wnloads , and the comm ands ar e ex ecut ed as the f ile is parsed line -by-line . This ex ample s ho ws ho w to conf igure the softw are from the f [...]

20-12 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 20 Managing Firmware and Configurations Working w ith Configur ation Files • The acce ss point fo rms a passwor d named use rname@ap name.do main . Th e variab le use rname is the usern ame as soc iated wit h the cu rrent ses sion, apname is the c onf[...]

20-13 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 2 0 Managing Firm ware and Configurat ions Working with Configuration Files This exam ple shows how to copy a c onfiguration file named host1- confg from th e neta dmi n1 directory on the remot e server w ith a n IP a ddress of 172.1 6.101 .101 a nd to [...]

20-14 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 20 Managing Firmware and Configurations Working w ith Configur ation Files This exam ple sh ows how to copy the runni ng con figuration file named ap2-c onfg to the netadmin1 directo ry on t he rem ote ho st wit h an IP addre ss of 172.1 6.101.101 : ap#[...]

20-15 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 2 0 Managing Firm ware and Configurat ions Working with Configuration Files access to a server that supp orts the re mote she ll (rsh). (M ost UNIX syst ems suppo rt rsh.) Bec ause y ou are copying a file from one place t o anoth er , you mus t have rea[...]

20-16 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 20 Managing Firmware and Configurations Working w ith Configur ation Files ap1.company.com ap1 For more inform ation , refer to the docum entati on for your RCP server . Downloading a Configura tion File by Using RCP Beginning in privileged EXEC mode , [...]

20-17 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 2 0 Managing Firm ware and Configurat ions Working with Configuration Files %SYS-5-CONFIG_NV:Non-volatile store configured from host2-config by rcp from 172.16.101.101 Uploading a Configuration File by Using RCP Beginn ing in pr i vilege d EXEC m ode, f[...]

20-18 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 20 Managing Firmware and Configurations Working wi th Soft ware Images Deleting a Stored Config uration File Cautio n Y ou cannot restore a file after it has been de leted. T o delete a sav ed configurat ion from Fl ash memory , use the delete f lash: f[...]

20-19 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 2 0 Managing Firm ware and Configurat ions Working with Software Images tar File Forma t of Images on a Server o r Cisco.co m Softw are image s located on a ser ver or do wnloaded f rom Cisco.com are pr ovided in a tar f ile format, which contains th es[...]

20-20 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 20 Managing Firmware and Configurations Working wi th Soft ware Images Note Y ou must restart the in etd daemon after modif ying the /etc/inetd.c onf and /etc /services files. T o restar t the daem on, e ither st op the inetd p rocess and restar t it, o[...]

20-21 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 2 0 Managing Firm ware and Configurat ions Working with Software Images Note T o a void an uns uccessf ul do wnload, use the archive do wnload-sw /safe comm and, w hich d ownloads the image f irst and does not delete the current runnin g version until t[...]

20-22 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 20 Managing Firmware and Configurations Working wi th Soft ware Images The algor ithm installs the do wnloaded ima ge on the system board Fl ash de vice (flash:). T he image is placed in to a ne w directory nam ed with the software versio n string, and [...]

20-23 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 2 0 Managing Firm ware and Configurat ions Working with Software Images • Downloading a n Ima ge File by Using FTP , page 20-2 4 • Uploadi ng an I mage Fi le by Us ing FTP , pa ge 2 0-26 Preparing to Download or Uploa d an Image File by Using FTP Y [...]

20-24 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 20 Managing Firmware and Configurations Working wi th Soft ware Images For more inform ation , refer to the docum entati on for your FTP server . Downloading an Image File by Using FTP Y o u can d o wnload a ne w image f ile an d ov erwrite the current [...]

20-25 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 2 0 Managing Firm ware and Configurat ions Working with Software Images Note T o a void an uns uccessf ul do wnload, use the archive do wnload-sw /safe comm and, w hich d ownloads the image f irst and does not delete the current runnin g version until t[...]

20-26 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 20 Managing Firmware and Configurations Working wi th Soft ware Images If you spe cify the /lea ve-old-sw , the existi ng files are n ot re moved. If the re is no t en ough spac e to in stall the new image an d keep the r unning i mag e, the download pr[...]

20-27 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 2 0 Managing Firm ware and Configurat ions Working with Software Images The archi ve upload-sw command b uilds an image f ile on the server b y uploading these f iles in order: info, the Cisco IOS imag e, the HTML f iles, and info.v er . After these f i[...]

20-28 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 20 Managing Firmware and Configurations Working wi th Soft ware Images RCP requires a c lient to send a rem ote usernam e on each RCP reque st to a server . When you copy an image from the access point to a server by using RCP , the Cisco IO S software [...]

20-29 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 2 0 Managing Firm ware and Configurat ions Working with Software Images Downloading an Image File by Using RCP Y o u can d o wnload a ne w image f ile and replac e or k eep the cu rrent i mage. Cautio n For the download and up load algor ithms to operat[...]

20-30 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 20 Managing Firmware and Configurations Working wi th Soft ware Images Note T o a void an uns ucces sful do wnload, use the archive do wnload-sw /safe comm and, w hich d ownloads the image f irst and does not delete the current runnin g version until th[...]

20-31 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 2 0 Managing Firm ware and Configurat ions Working with Software Images Note If the Flash device h as suff icient spac e to hold t wo images a nd you want t o overwrite one of these ima ges with the same ve rsion, you must specify the /overwr ite optio [...]

20-32 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 20 Managing Firmware and Configurations Working wi th Soft ware Images The archive upl oad-sw pri vileged EXEC comman d buil ds an image f ile on the serv er b y uploadin g these fi les in order: info, th e Cisco IOS image, the HTML f iles, and info.ver[...]

20-33 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 2 0 Managing Firm ware and Configurat ions Working with Software Images Step 7 Click the Upgrade button. For additional informatio n, click the Help icon on the Software Upgrade screen. Browser TFTP Interface The TFTP in terf ace allo ws you to use a TF[...]

20-34 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 20 Managing Firmware and Configurations Working wi th Soft ware Images[...]

CH A P T E R 21-1 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 21 Configuring System Message Logg ing This chapter d escribes how to configure system me ssage log ging on yo ur acce ss point. Note For comp lete syntax and usa ge inform ation for the co mmands used in this c hapter , refer to the C isc o IOS Con[...]

21-2 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 2 1 Configur ing Syste m Message Logg ing Underst andin g System Me ssag e Loggi ng Understandin g System Messa ge Logging By default , access p oints se nd the output from syst em messa ges and deb ug privileged E XEC com mand s to a logging proc ess. T[...]

21-3 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 2 1 Configuring Syste m Message L ogging Config uring S ystem Message Loggi ng T able 21-1 describes the elements of syslog messages. This example shows a partial access point system message: 00:00:46: %LINK-3-UPDOWN: Interface Port-channel1, changed sta[...]

21-4 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 2 1 Configur ing Syste m Message Logg ing Configur ing System Message L ogging Disabling an d Enab ling Me ssage Logg ing Message logging is enabled by default. It must be enabled to send messages to any destination othe r than the conso le. Wh en e nabl[...]

21-5 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 2 1 Configuring Syste m Message L ogging Config uring S ystem Message Loggi ng Setting th e Messag e Disp lay Destination Device If message logging is enabled, you can se nd messages to specif ic loc ations in a ddition to the co nsole. Beginning in priv[...]

21-6 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 2 1 Configur ing Syste m Message Logg ing Configur ing System Message L ogging Enabling a nd Disab ling Times tamps on Lo g Mes sages By def ault, log messages ar e not tim estamped. Beginn ing in pri vileg ed EXEC mode, follo w these steps to enable tim[...]

21-7 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 2 1 Configuring Syste m Message L ogging Config uring S ystem Message Loggi ng This example shows part of a log ging display wit h sequenc e numbers e nabled : 000019: %SYS-5-CONFIG_I: Configured from console by vty2 (10.34.195.36) Defining the Messag e [...]

21-8 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 2 1 Configur ing Syste m Message Logg ing Configur ing System Message L ogging T able 21-3 des cribe s the le vel keywords. It a lso list s the correspo nding U NIX s yslog de finitions from the most se vere le vel to the least se vere lev e l. The sof t[...]

21-9 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 2 1 Configuring Syste m Message L ogging Config uring S ystem Message Loggi ng Beginn ing in pr i vilege d EXEC m ode, follo w these step s to ch ange the le vel an d history ta ble size defaults: When the histor y table is full (i t contains th e maximu[...]

21-10 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 2 1 Configur ing Syste m Message Logg ing Configur ing System Message L ogging Configuring UNIX Syslog Servers The next sectio ns d escrib e how to configure the 4 .3 BSD U NIX server s yslog da emon and de fine the UNIX syst em logging f acility . Logg[...]

21-11 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 2 1 Configuring Syste m Message L ogging Config uring S ystem Message Loggi ng T o remov e a syslog serv er , use the no logging ho st globa l configurat ion co mman d, and specif y the syslo g server IP address. T o di sable logging to syslog servers, [...]

21-12 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Chapter 2 1 Configur ing Syste m Message Logg ing Display ing the Log ging Confi guration Displaying the Log ging Configuration T o display the cu rrent log ging conf igurati on and the co ntents of th e log b uf fer , use the show logging pri v ileg ed EXEC co[...]

CH A P T E R 22-1 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-21881-03 22 Troubleshooting This chapter pro vides troubleshooting procedures for basic p roblems with the wireless de vice. For the most up-to-date, detail ed troubleshooting i nformation, refer to the Cisco T A C website at the following URL (select T op[...]

22-2 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 22 Troublesho oting Checking the Top Panel Indicators Checking the Top Panel Indicators If your wireless device is not communicating, check th e three LED indicators on the top panel to quickly assess the device’ s status. Figure 22-1 sho w s the ind[...]

22-3 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-21881-03 Chapter 22 Troubleshooting Checking the Top Pan el Indicators Figur e 22-2 Indicators on the 1 1 00 Series A ccess Point Figure 22-3 Indicators on the 350 Se r ies Access P oint (Plastic Case) Ethernet Status Radio 81597 S CISCO AIRONET 350 SERIES WIRELESS ACC[...]

22-4 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 22 Troublesho oting Checking the Top Panel Indicators Figure 22-4 Indicators on the 350 Se r ies Access P oint (Metal Case) The indicator sign als on the wirel ess de vice hav e the follo wing meanings ( for additional det ails refer to T able 22-1 ): [...]

22-5 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-21881-03 Chapter 22 Troubleshooting Checking the Top Pan el Indicators Note Regarding LED status colors, it is expected that there will be small v ariations in color intensity and hue from unit to unit. This is within the normal range of the LED manufa cturer’ s spec[...]

22-6 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 22 Troublesho oting Checking the Top Panel Indicators The LED signals are listed in Ta b l e 2 2 - 2 . T able 22-2 LED Signals Message type Cable Bay Area T op of Unit Meaning Ethernet LED Radio LED Status LED Boot loader st atus Green Green Green DRAM[...]

22-7 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-21881-03 Chapter 22 Troubleshooting Checking the Top Pan el Indicators Note Regarding LED status colors, it is expected that there will be small v ariations in color intensity and hue from unit to unit. This is within the normal range of the LED manufa cturer’ s spec[...]

22-8 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 22 Troublesho oting Checking the Top Panel Indicators Indicators on 1040 or 1140 Series Access Point If your access point i s not working pro perly , check the Ether net and Status LEDs of the unit. Y ou can use the LED indications to quickly assess th[...]

22-9 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-21881-03 Chapter 22 Troubleshooting Checking the Top Pan el Indicators 48VD C MO D E CO NSOL E ET HE RNE T 207523 2 3 4 1 1 Reset Button 3 Ethernet LED 2 Console LED 4 DC Power T able 22-3 1 040 or 1 140 Ser ies Access P oint LED Signals Message type Ethernet LED Statu[...]

22-10 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 22 Troublesho oting Checking the Top Panel Indicators Note It is expected that there will be small va riations in LED color intensity and hue from unit to unit. This is within the normal range of th e LED manufact urer’ s specifications and is not a[...]

22-11 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-21881-03 Chapter 22 Troubleshooting Checking the Top Pan el Indicators Indicators on 1240 Series Access Points If your access point is not w orking properly , check the Status, Ethernet, and Radio LEDs on the 2.4 GHz end of the unit. Y ou can use the LED indications t[...]

22-12 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 22 Troublesho oting Checking the Top Panel Indicators Note It is expected that there will be small va riations in LED color intensity and hue from unit to unit. This is within the normal range of th e LED manufact urer’ s specifications and is not a[...]

22-13 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-21881-03 Chapter 22 Troubleshooting Checking the Top Pan el Indicators Indicators on 1250 Access Points If your access point is not w orking properly , check the Ethernet, Status, and Radio LEDs on the 2.4 GHz end of the unit. Y ou can use the LED indications to quick[...]

22-14 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 22 Troublesho oting Checking the Top Panel Indicators T able 22-5 1250 Ser ies Access P oint LED Signals Message type Ethernet LED Status LED Radio LED Meaning Boot loader status Green Off Amber DRAM test in progress. Green Green Green DRAM memory tes[...]

22-15 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-21881-03 Chapter 22 Troubleshooting Checking the Top Pan el Indicators Note It is expect ed that there will be small v ariations in LED color intensity and hue from unit to unit. Th is is within the normal range of th e LED manufact urer’ s specifications and is not[...]

22-16 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 22 Troublesho oting Checking the Top Panel Indicators Figur e 22-8 1260 Series A ccess P oint LED T able 22-6 shows th e 1260 access point LED indicators for v arious conditions. T able 22-6 1260 Access P oint LED Stat us Indicators 1 207522 1 Status [...]

22-17 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-21881-03 Chapter 22 Troubleshooting Checking the Top Pan el Indicators Indicators on 1300 Outdoor Access Point/Bridges If your access point/bridge is no t associating with a remote bridge or access point, check the four LEDs on the back panel. Y ou can use them to qui[...]

22-18 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 22 Troublesho oting Checking the Top Panel Indicators Figur e 22-9 LEDs 1300 Series AP Mode LED Indications During access poi nt/bridge op eration the LEDs provide status information as sho wn in T abl e 22-7 . R Radio LED E Ethernet LED S Status LED [...]

22-19 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-21881-03 Chapter 22 Troubleshooting Checking the Top Pan el Indicators Note It is expect ed that there will be small v ariations in LED color intensity and hue from unit to unit. Th is is within the normal range of th e LED manufact urer’ s specifications and is not[...]

22-20 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 22 Troublesho oting Checking the Top Panel Indicators Power Injector When the po wer injector is po wered up, it applie s 48-VDC to the dual-coax cables to the access point/bridge. When po wer is applied to the access point/bridge, th e unit activ ate[...]

22-21 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-21881-03 Chapter 22 Troubleshooting Checking Power • Cisco Aironet Power Injector LR2— standard (incl uded with th e bridge) – 48-VDC inpu t power – Uses the 48-VDC po wer module (included with the bridge) • Cisco Aironet Po wer Injector LR2 T—optional tra[...]

22-22 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 22 Troublesho oting Checking Basic Settings access point remains in lo w power mode with t he radios disabled to pre vent a possible o ver -current condition. In lo w power mode, the access point acti vates the S tatus LED low po wer error indication,[...]

22-23 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-21881-03 Chapter 22 Troubleshooting Resetting to the Default Configuration Note The wireless de vice MA C address that appears on the Status page in the Aironet Client Utility (A CU) is the MA C address for the wireless de vice radio. The MA C address for the access p[...]

22-24 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 22 Troublesho oting Resetting to th e Default Configuration Using the Web Browser Interface Follo w these steps to delete the current conf iguration and return all wireless de vice settings to the factory defaults usin g the web bro wser interface: St[...]

22-25 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-21881-03 Chapter 22 Troubleshooting Reloading the Access Point Image flashfs[0]: flashfs fsck took 0 seconds. ...done initializing Flash. Step 5 Use the dir flash: command to display the contents of Flash and f ind the config.txt conf iguration fil e. ap: dir flash: D[...]

22-26 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 22 Troublesho oting Reloading the A ccess Point Image Using the MODE button Y ou can use t he MODE but ton on 1040, 1100 an d 1200 series access point s to reload the access point image file from an acti ve Tri vial File T ransfer Pr otocol (TFTP) ser[...]

22-27 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-21881-03 Chapter 22 Troubleshooting Reloading the Access Point Image Browser HTTP Interface The HTTP interface enables you to bro wse to the wireless de vice image file on your PC and do wnload the image to the wireless de vice. Follo w the instructions belo w to use [...]

22-28 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 22 Troublesho oting Reloading the A ccess Point Image Using the CLI Follo w the steps belo w to reload the wirele ss de vice image using the CLI. When the wireless de vice begins to boot, you interrupt the boot process and use boot loader comm ands to[...]

22-29 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-21881-03 Chapter 22 Troubleshooting Reloading the Access Point Image extracting c350-k9w7-mx.122-13.JA1/html/level1/appsui.js (558 bytes) extracting c350-k9w7-mx.122-13.JA1/html/level1/back.htm (205 bytes) extracting c350-k9w7-mx.122-13.JA1/html/level1/cookies.js (502[...]

22-30 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 22 Troublesho oting Image Recovery on the 1520 Access Point Step 6 Click IOS . A list of a vailable Cisco IOS versions appears. Step 7 Choose the v ersion you wish to do wnload. The do wnload page for the v ersion you chose appears. Step 8 Click WIREL[...]

22-31 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-21881-03 Chapter 22 Troubleshooting Image Recovery on the 1520 Access Point T o perform image recovery on the 15 20 access point, follo w these steps: Step 1 W ith the access point powered of f, connect an RJ45 consol e cable to the console port (). The console port i[...]

22-32 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 22 Troublesho oting Image Recovery on the 1520 Access Point Note If the ENABLE_BREAK=no envir onmental variab le is set, you will not be able to escape to the bootloader . Step 5 Cable the 1520 access p oint’ s LAN port (“PoE In”) to a TFTP serv[...]

22-33 Cisco IOS Software Configuratio n Guide for Cisco Aironet Ac cess Points OL-21881-03 Chapter 22 Troubleshooting Image Recovery on the 1520 Access Point MAC_ADDR=00:1F:27:75:DB:00 MAC_ADDR_BLOCK_SIZE=01 00 NETMASK=255.255.255.0 NEW_IMAGE=yes PCA_ASSY_NUM_800=03 20 00 70 ed 03 PCA_PART_NUM_73=49 2a a6 03 PCA_REVISION_NUM=B0 PCA_REVISION_NUM_800[...]

22-34 Cisco IOS Software Configuration Gu ide for Cisco Airo net Access Points OL-21881-03 Chapter 22 Troublesho oting Image Recovery on the 1520 Access Point[...]

A- 1 Cisco IOS Software Configuration Guide for Cisco Airone t Access Points OL-21881-03 APPENDIX A Protocol Filters The tables in th is appendix list some of the protocol s that you can f ilter o n the access poin t. The tables includ e: • Ta b l e A - 1 , Ethertype Protoc ols • Ta b l e A - 2 , IP Protoc ols • Ta b l e A - 3 , IP Port Pr ot[...]

A- 2 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Appendix A P rotocol Filters T able 0-1 Ethertyp e Pr ot ocols Protocol Additional Identifier ISO Designator ARP — 0x0806 RARP — 0x8035 IP — 0x0800 Berkeley Trailer Negotiation — 0x1000 LAN T es t — 0x0708 X.25 Level3 X.25 0x0805 Ban yan — 0x0 B AD C[...]

A-3 Cisco IOS Software Configuration Guide for Cisco Air onet Access Points OL-21881-03 Append ix A Protocol Filter s T able 0-2 IP Prot ocols Protocol Additional Identifier ISO Designator dummy — 0 Interne t Cont rol M essage Protocol ICMP 1 Inte rnet Group M anag ement Pro tocol IG MP 2 T rans mission Cont rol Protocol TCP 6 Exteri or Ga tew ay[...]

A- 4 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Appendix A P rotocol Filters T able 0-3 IP P or t Pr otoc ols Protocol Additional Identifier ISO Designator TCP port service multipl ex er tcpmux 1 echo — 7 disc ard (9) — 9 syst at (1 1) — 11 dayti me (13) — 13 netstat (15) — 15 Quot e of t he Da y qo[...]

A-5 Cisco IOS Software Configuration Guide for Cisco Air onet Access Points OL-21881-03 Append ix A Protocol Filter s TSAP iso-t sap 102 CSO Name Serv er cso-ns csnet-ns 105 Remot e T eln et rtelnet 107 Postoff i ce v2 POP2 POP v2 109 Postoff i ce v3 POP3 POP v3 110 Sun RPC sunrp c 111 tap ident authentic ation auth 113 sftp — 115 uucp -path — [...]

A- 6 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Appendix A P rotocol Filters SNMP Unix Multiple xer smux 1 99 Appl eT alk Routing at -rtmp 201 Appl eT alk name bin ding a t-nbp 202 Appl eT alk echo at-ech o 204 Appl eT alk Zone In format ion a t-zi s 206 NISO Z39. 50 database z395 0 210 IPX — 213 Interacti [...]

B-1 Cisco IOS Software Configuration Guide for Cisco Airone t Access Points OL-21881-03 APPENDIX B Supported MIBs This appe ndix lists the Simple Network Manage ment Protoc ol (SNMP) Mana gement Inf ormati on Bases (MIBs) that the access point supports for this software release. The Cisco IOS SNMP agent supports SNMPv1, SN MPv2, and SNMP v3. Th is [...]

B-2 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Appendi x B Supported MI Bs Using FTP to Acces s the MIB Files • CISCO- MEM OR Y -POO L-M IB • CISCO-PR OCESS-MIB • CISCO-PR ODUCTS-MIB • CISCO- SMI-M IB • CISCO- TC-M IB • CISCO-SYSLOG-MI B • CISCO-WDS-INFO-MIB • ENTI TY -MIB • IF-M IB • OLD-[...]

C-1 Cisco IOS Software Configuration Guide for Cisco Airone t Access Points OL-21881-03 APPENDIX C Error and Event Messages This appendi x lists the CLI error and e ven t messages. The appendix contains the follo wing sections: • Con ventions, page C- 2 • Sof twar e Aut o Upgr ade Mess age s, pa ge C-3 • Associati on Managem ent Messages, pag[...]

C-2 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Appendi x C Error and Event Mess ages Conv ent ions Conven tions System error messages are displayed in the format shown in Ta b l e 3 - 1 . T able 3-1 Syst em Er r or Mess ag e For mat Message Comp onent D escr iption Exa mple Error identif ier A string catego r[...]

C-3 Cisco IOS Software Configuration Guide for Cisco Air onet Access Points OL-21881-03 Append ix C Error and Event Message s Software Auto Upgrade Messages Software Auto Upgrade Messages Error Message SW-AUTO-UPGRADE-2-FATAL_FAILURE: “Attempt to upgrade software failed, software on flash may be deleted. Plea se copy software into flash. Explanat[...]

C-4 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Appendi x C Error and Event Mess ages Softwa re Auto Up grade Me ssage s Error Message AUTO-INSTALL-4-IP_ADDRESS_DHCP : “The radio is operating in au tomatic install mode and has set ip address dh cp.” Explanati on The radio is operating in automatic install [...]

C-5 Cisco IOS Software Configuration Guide for Cisco Air onet Access Points OL-21881-03 Append ix C Error and Event Message s Associa tion Mana gement Messages Association Mana gement Messages Error Message DOT11-3-BADSTATE: “% s %s ->%s.” Explanati on 802.11 assoc iation an d mana gement uses a table -dri ven sta te machin e to kee p track [...]

C-6 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Appendi x C Error and Event Mess ages Unzip Mess ages Error Message DOT11-4-DIVER_USED: Interface $s, Mcs rates 8-15 disabled due to only one transmit or recieve antenna enable d Explanati on These rates require th at at least 2 recei ve and transmit anten nas be[...]

C-7 Cisco IOS Software Configuration Guide for Cisco Air onet Access Points OL-21881-03 Append ix C Error and Event Message s System Log Messa ges System Log Messages Erro r Mes sag e %DOT11-4-LOADING_RADIO: Interface [chars], loading the radio firmware ([chars]) Explanati on The r adio h as been stoppe d to l oad new firmware. Recommended Ac tion [...]

C-8 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Appendi x C Error and Event Mess ages 802.11 Subsyst em Me ssages 802.11 Subsystem Mes sages Error Message DOT11-6-FREQ_USED: “Interface %s, frequency %d select ed.” Explanati on After sc anni ng for an unused freque ncy , the indic ated int erface select ed [...]

C-9 Cisco IOS Software Configuration Guide for Cisco Air onet Access Points OL-21881-03 Append ix C Error and Event Message s 802.11 Subs ystem Messages Error Message DOT11-3-TX_PWR_OUT_OF_RANGE: “Interface % s Radio transmit po wer out of range.” Explanati on The transmitter po wer le vel is outside th e normal range on the i ndicated radio in[...]

C-10 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Appendi x C Error and Event Mess ages 802.11 Subsyst em Me ssages Error Message DOT11-6-DFS_SCAN_START: “DFS: Scanning frequency %d M Hz for %d seconds.” Explanati on The d e vice ha s begun its DFS scan ning proc ess. Recommended Ac tion None. Error Message[...]

C-11 Cisco IOS Software Configuration Guide for Cisco Air onet Access Points OL-21881-03 Append ix C Error and Event Message s 802.11 Subs ystem Messages Error Message DOT114-NO_MBSSID_BACKUP_VLAN: “Backup VLANs cannot be configured if MBSSID is not enabled. %s not started. Explanati on T o enable a bac kup VLAN , MBSSID mod e should be co nfigur[...]

C-12 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Appendi x C Error and Event Mess ages 802.11 Subsyst em Me ssages Error Message DOT11-2-UPLINK_FAILED: “Uplink to parent failed: %s.” Explanati on The con necti on to the pa rent acce ss point failed fo r the displ ayed re ason. Th e uplin k will stop i ts c[...]

C-13 Cisco IOS Software Configuration Guide for Cisco Air onet Access Points OL-21881-03 Append ix C Error and Event Message s 802.11 Subs ystem Messages Error Message DOT11-4-MAXRETRIES: “Packet to client %e reached max retries, removing the client.” Explanati on The ma ximum packet send retry limit ha s bee n reac hed and the client is being [...]

C-14 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Appendi x C Error and Event Mess ages 802.11 Subsyst em Me ssages Error Message DOT11-4-RADIO_NO_FREQ: “Interface &s, all frequencies have been blocked, interface not started.” Explanati on The fre quen cies set for ope ration a re inv al id and a chan n[...]

C-15 Cisco IOS Software Configuration Guide for Cisco Air onet Access Points OL-21881-03 Append ix C Error and Event Message s 802.11 Subs ystem Messages Error Message DOT11-4-FLASHING_RADIO: “Interface %s, flashing ra dio firmware (%s).” Explanati on The indicated inter face r adio has been stopped to load the indicated ne w f irmware. Recomme[...]

C-16 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Appendi x C Error and Event Mess ages 802.11 Subsyst em Me ssages Error Message DOT11-4-UPLINK_LINK_DOWN: “Interface %s, parent lost: %s.” Explanati on The conn ection to the paren t acc ess poi nt on th e ind icated interf ace was lo st for the reason in di[...]

C-17 Cisco IOS Software Configuration Guide for Cisco Air onet Access Points OL-21881-03 Append ix C Error and Event Message s 802.11 Subs ystem Messages Error Message DOT11-6-ANTENNA_GAIN: “Interface %s, antenna position /gain changed, adjusting transmitter power.” Explanati on The ante nna gain ha s changed so the l ist of allowed power le ve[...]

C-18 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Appendi x C Error and Event Mess ages 802.11 Subsyst em Me ssages Error Message DOT11-4-CCMP_REPLAY: “AE S-CCMP TSC rep lay was detected on packet (TSC 0x%11x received from &e).” Explanati on AES-CCMP TSC re play was indic ated on a frame. A replay of th[...]

C-19 Cisco IOS Software Configuration Guide for Cisco Air onet Access Points OL-21881-03 Append ix C Error and Event Message s 802.11 Subs ystem Messages Error Message DOT11-3-TKIP_MIC_FAILURE_REPEATED: “Two TKIP Michael MIC failures were detected within %s seconds on %s inter face. The interface will be put o n MIC failure hold state for next %d[...]

C-20 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Appendi x C Error and Event Mess ages 802.11 Subsyst em Me ssages Error Message DOT11-4-NO_VLAN_ID: “VLAN id %d from Radius server is not configured for station %e.” Explanati on The VL AN ID retu rned by the Radius ser ver must be configured on the access p[...]

C-21 Cisco IOS Software Configuration Guide for Cisco Air onet Access Points OL-21881-03 Append ix C Error and Event Message s Inter -Access Poi nt Prot ocol Messages Error Message SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: “IOS crypto FIPS self test passed.” Explanati on SO AP FIPS self test passed. Recommended Ac tion None. Error Message SOAP_FIPS-2-[...]

C-22 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Appendi x C Error and Event Mess ages Local A uthentic ator Mess ages Local Authentic ator Messages Error Message RADSRV-4-NAS_UNKNOWN: Unknown authenticator: [ip-addr ess] Explanati on The loc al RADIU S serv er recei ved an authent ication requ est b ut do es [...]

C-23 Cisco IOS Software Configuration Guide for Cisco Air onet Access Points OL-21881-03 Append ix C Error and Event Message s Local Au thentica tor Messages Error Message DOT1X-SHIM-3-UNSUPPORTED_KM: “Unsupported key managem ent: %X.” Explanati on Am error o ccurred d uring the initializa tion of th e shim l ayer . An unsu pported k ey managem[...]

C-24 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Appendi x C Error and Event Mess ages WDS Mess ages out be fore tryi ng th e next configured se rver . A Radiu s server marked a s dead is sk ipped by additi onal re quests fo r the du ratio n of the m inute s unless a ll ser vers are ma rked dead . Configurin g[...]

C-25 Cisco IOS Software Configuration Guide for Cisco Air onet Access Points OL-21881-03 Append ix C Error and Event Message s Mini IO S Messages Error Message WLCCP-NM-3-WNM_LINK_DOWN: Link to WNM is down Explanati on The networ k manage r is not respondi ng to keep-act iv e messages. Recommended Acti on C heck fo r a problem with the net work man[...]

C-26 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Appendi x C Error and Event Mess ages Access Point/Brid ge Mes sages Error Message Saving this config to nvram may corrupt any network m anagement or security files stored at the end of nv ram. Continue? [no]: Explanati on This warn ing me ssage di splays on the[...]

C-27 Cisco IOS Software Configuration Guide for Cisco Air onet Access Points OL-21881-03 Append ix C Error and Event Message s Exter nal Ra dius Serv er Error Messages External Radius Server Error Me ssages Error Message RADUYS:response-authenticator decrypt fail, paklen 32 Explanati on This err or message means that there is a mis match in the RAD[...]

C-28 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Appendi x C Error and Event Mess ages Sens or Me ssag es Sensor Messages Error Message SENSOR-3-TEMP_CRITICAL: System sensor “d” has exceede d CRITCAL temperature thresholds Explanati on One of the m easured en vironmen tal te st poi nts e xceeds the ex trem[...]

C-29 Cisco IOS Software Configuration Guide for Cisco Air onet Access Points OL-21881-03 Append ix C Error and Event Message s SNMP Err or Messages Error Message SENSOR-3-VOLT_NORMAL: System sensor “d”(“d”) is now o perating under NORMAL voltage Explanati on One of the me asured e n vironment al test points is under norma l operating voltag[...]

C-30 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Appendi x C Error and Event Mess ages SSH Error Mes sages Erro r Mes sag e SNMP-4-NOENGINEIDV6: Remote snmpEngineID for U nrecognized format ‘ %P’ n ot found when creatin g user: “s” Explanati on An attempt to cre ate a u ser f ailed.This is lik ely b ec[...]

C-31 Cisco IOS Software Configuration Guide for Cisco Air onet Access Points OL-21881-03 Append ix C Error and Event Message s SSH Error Messages Error Message SSH-5-SSH_CLOSE: SSH Session from “%s”(tty = “%d”) fo r user ’”%s”’ using crypto cipher ’”%s”’ closed Explanati on The SSH Session closure info rmation Recommended Ac[...]

C-32 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 Appendi x C Error and Event Mess ages SSH Error Mes sages[...]

GL-1 Cisco IOS Software Configuration Guide for Cisco Air onet Access Points OL-21881-03 GLOSSAR Y 802.11 T he IEEE standa rd that specif ies carrier s ense med ia acce ss contr ol and ph ysic al layer sp ecification s for 1- a nd 2-megabit -per-second ( Mbps) wirele ss LAN s operati ng in the 2. 4-GHz band. 802.11a T he IEEE standa rd that specif [...]

Glos sary GL-2 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 beacon A wireless LA N packe t that sign als the a vailability and prese nce of th e wireless de vic e. Beacon pack ets are se nt by access points and base st ations ; ho we ver , client rad io cards send be acons when ope rating i n computer t o compu[...]

Glossary GL-3 Cisco IOS Software Configuration Guide for Cisco Air onet Access Points OL-21881-03 dipole A ty pe of lo w-gain (2. 2-dBi) an tenna consisti ng of tw o (of ten intern al) ele ments. domai n name The text na me tha t refers t o a group ing of networks or netwo rk resourc es base d on organization- type or ge ography ; for example: name[...]

Glos sary GL-4 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 IP subnet m ask Th e num ber used to ident ify t he IP subnet work, i ndicating whe ther th e IP address ca n be recog nized on th e LAN or if it mu st be reache d throu gh a gate way . This number is ex pressed in a form similar to an IP addr ess; for[...]

Glossary GL-5 Cisco IOS Software Configuration Guide for Cisco Air onet Access Points OL-21881-03 roaming A fe ature of so me Acce ss Points that allo ws users to mo ve through a fac ility while m aintaining an unbroken c onnectio n to the LAN. RP-TNC A connec tor t ype uni que to Cis co Ai ronet radios and a ntenna s. Part 1 5.203 of the FCC rules[...]

Glos sary GL-6 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-21881-03 W WDS W ireless Domain Services (WDS). An access point pro viding WDS on your wire less LAN m aintains a cache o f cred ential s for C CKM-capab le client devi ces on your wirele ss LAN. When a CCK M-cap able cli ent roams fro m one access point to ano[...]