Cisco M10-RM Software Manual

Cisco IOS Releases 12.4(10b)JA and 12.3(8)JEC

Cisco IOS Software Configuration Guide
for Cisco Aironet Access Points
Cisco IOS Releases 12.4(10b)JA and 12.3(8)JEC
May 2010
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Text Part Number: OL-14209-01


Summary of Contents for Cisco M10-RM

  • Page 1 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points Cisco IOS Releases 12.4(10b)JA and 12.3(8)JEC May 2010 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883...
  • Page 2 OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks.
  • Page 3: Table Of Contents

    Enabling HTTPS for Secure Browsing CLI Configuration Example 2-13 Deleting an HTTPS Certificate 2-13 Using Online Help 2-14 Changing the Location of Help Files 2-14 Disabling the Web-Browser Interface 2-15 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01...
  • Page 4 Connecting to the 1200, 1230, 1240, and 1250 Series Access Points Locally Connecting to the 1300 Series Access Point/Bridge Locally Default Radio Settings Assigning Basic Settings Default Settings on the Express Setup Page 4-14 Configuring Basic Security Settings 4-16 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01...
  • Page 5 Defining AAA Server Groups 5-12 Configuring RADIUS Authorization for User Privileged Access and Network Services 5-14 Displaying the RADIUS Configuration 5-15 Controlling Access Point Access with TACACS+ 5-15 Default TACACS+ Configuration 5-15 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01...
  • Page 6 Default System Name and Prompt Configuration 5-32 Configuring a System Name 5-32 Understanding DNS 5-33 Default DNS Configuration 5-33 Setting Up DNS 5-34 Displaying the DNS Configuration 5-35 Creating a Banner 5-35 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01...
  • Page 7 Blocking Channels from DFS Selection 6-19 Setting the 802.11n Guard Interval 6-20 Configuring Location-Based Services 6-21 Understanding Location-Based Services 6-21 Configuring LBS on Access Points 6-21 Enabling and Disabling World Mode 6-22 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01...
  • Page 8 Using a RADIUS Server to Restrict SSIDs Configuring Multiple Basic SSIDs Requirements for Configuring Multiple BSSIDs Guidelines for Using Multiple BSSIDs Configuring Multiple BSSIDs CLI Configuration Example 7-10 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points viii OL-14209-01...
  • Page 9 Non-Root Bridge with VLANs 8-13 Displaying Spanning-Tree Status 8-14 Configuring an Access Point as a Local Authenticator Understanding Local Authentication Configuring a Local Authenticator Guidelines for Local Authenticators Configuration Overview Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01...
  • Page 10 11-13 Configuring Additional WPA Settings 11-14 Configuring MAC Authentication Caching 11-15 Configuring Authentication Holdoffs, Timeouts, and Intervals 11-16 Creating and Applying EAP Method Profiles for the 802.1X Supplicant 11-17 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01...
  • Page 11 Management Frame Protection 12-24 Overview 12-25 Protection of Unicast Management Frames 12-25 Protection of Broadcast Management Frames 12-25 Client MFP For Access Points in Root mode 12-25 Configuring Client MFP 12-26 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01...
  • Page 12 Understanding TACACS+ 13-23 TACACS+ Operation 13-24 Configuring TACACS+ 13-24 Default TACACS+ Configuration 13-25 Identifying the TACACS+ Server Host and Setting the Authentication Key 13-25 Configuring TACACS+ Login Authentication 13-26 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01...
  • Page 13 AVVID Priority Mapping 15-10 WiFi Multimedia (WMM) 15-10 Adjusting Radio Access Categories 15-10 Configuring Nominal Rates 15-12 Optimized Voice Settings 15-12 Configuring Call Admission Control 15-12 QoS Configuration Examples 15-14 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points xiii OL-14209-01...
  • Page 14 SNMP Agent Functions 18-4 SNMP Community Strings 18-4 Using SNMP to Access MIB Variables 18-4 Configuring SNMP 18-5 Default SNMP Configuration 18-5 Enabling the SNMP Agent 18-5 Configuring Community Strings 18-6 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01...
  • Page 15 19-16 Configuring Workgroup Bridge Mode 19-16 The Workgroup Bridge in a Lightweight Environment 19-18 Guidelines for Using Workgroup Bridges in a Lightweight Environment 19-18 Sample Workgroup Bridge Configuration 19-20 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01...
  • Page 16 Working with Software Images 20-18 Image Location on the Access Point 20-18 tar File Format of Images on a Server or Cisco.com 20-19 Copying Image Files by Using TFTP 20-19 Preparing to Download or Upload an Image File by Using TFTP...
  • Page 17 Indicators on 1240 Series Access Points 22-9 Indicators on 1250 Access Points 22-11 Indicators on 1300 Outdoor Access Point/Bridges 22-14 Normal Mode LED Indications 22-14 Power Injector 22-16 Checking Power 22-17 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points xvii OL-14209-01...
  • Page 18 Inter-Access Point Protocol Messages C-20 Local Authenticator Messages C-21 WDS Messages C-23 Mini IOS Messages C-24 Access Point/Bridge Messages C-25 Cisco Discovery Protocol Messages C-25 External Radius Server Error Messages C-26 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points xviii OL-14209-01...
  • Page 19 Contents LWAPP Error Messages C-26 Sensor Messages C-27 SNMP Error Messages C-28 SSH Error Messages C-29 Glossary Index
  • Page 21 This guide is for the networking professional who installs and manages Cisco Aironet Access Points. To use this guide, you should have experience working with the Cisco IOS software and be familiar with the concepts and terminology of wireless local area networks.
  • Page 22 Chapter 14, “Configuring VLANs,” describes how to configure your access point to interoperate with the VLANs set up on your wired LAN. Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01...
  • Page 23 Chapter 17, “Configuring CDP,” describes how to configure Cisco Discovery Protocol (CDP) on your access point. CDP is a device-discovery protocol that runs on all Cisco network equipment. Chapter 18, “Configuring SNMP,” describes how to configure the Simple Network Management Protocol (SNMP) on your access point.
  • Page 24 La traduzione delle avvertenze riportate in questa pubblicazione si trova nell’appendice, “Translated Safety Warnings” (Traduzione delle avvertenze di sicurezza). Cisco IOS Software Configuration Guide for Cisco Aironet Access Points xxii OL-14209-01...
  • Page 25: Related Publications

    • Cisco Aironet 802.11g Radio Upgrade Instructions
    • Cisco Aironet 1250 Series Access Point Radio Upgrade Instructions
    • Release Notes for Cisco Aironet 1240 and 1300 Series Access Points for Cisco IOS Release 12.4(10b)JA
    • Release Notes for Cisco Aironet 1100 and 1200 Series Access Points for Cisco IOS Release ...
  • Page 26 For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html...
  • Page 27: Overview

    LAN solution that combines mobility and flexibility with the enterprise-class features required by networking professionals. With a management system based on Cisco IOS software, Cisco Aironet access points are Wi-Fi certified, 802.11a-compliant, 802.11b-compliant, 802.11g-compliant, and pre-802.11n-compliant wireless LAN transceivers.
  • Page 28: Features

    Note The proxy Mobile-IP feature is not supported in Cisco IOS Releases 12.3(2)JA and later. Note Cisco IOS Release 12.3(8)JEC is a maintenance release only. No new features are included in this release. Features Introduced in This Release Table 1-1 lists the new features in Cisco IOS Release 12.4(10b)JA and the supported platforms.
  • Page 29: Roaming Client Devices

    (associate) through another access point. The roaming process is seamless and transparent to the user. Figure 1-1 shows access points acting as root units on a wired LAN. Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01...
  • Page 30: Repeater Access Point

    Consult the “Configuring a Repeater Access Point” section on page 19-3 for instructions on setting up an access point as a repeater. Non-Cisco client devices might have difficulty communicating with repeater access points. Note Figure 1-2 Access Point as Repeater...
  • Page 31: Bridges

    Ethernet port. For example, if you need to provide wireless connectivity for a group of network printers, Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01...
  • Page 32: Central Unit In An All-Wireless Network

    Figure 1-6 shows an access point in an all-wireless network. Figure 1-6 Access Point as Central Unit in All-Wireless Network Access point Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01...
  • Page 33: Using The Web-Browser Interface

    Note: The wireless device web-browser interface is fully compatible with Microsoft Internet Explorer version 5.56.0 on Windows 98, 2000, and XP platforms, and with Netscape version 7.17.0 on Windows 98, 2000, XP, and Solaris platforms.
  • Page 34 CLI, the web-browser interface might display an inaccurate interpretation of the configuration. However, the inaccuracy does not necessarily mean that the wireless device is misconfigured. Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01...
  • Page 35: Using The Web-Browser Interface For The First Time

    Changes are only applied when you click Apply. Figure 2-1 shows the web-browser interface home page. Figure 2-1 Web-Browser Interface Home Page Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01...
  • Page 36: Using Action Buttons

    Telnet/SSH, CDP, domain name server, filters, QoS, SNMP, SNTP, and VLANs. Wireless Services Displays a summary of wireless services used with CCKM and provides links to WDS configuration pages. Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01...
  • Page 37: Character Restrictions In Entry Fields

    Discards any changes made to the page and returns to the previous page. Character Restrictions in Entry Fields Because the 1200 series access point uses Cisco IOS software, there are certain characters that you cannot use in the entry fields on the web-browser interface. You cannot use these characters in entry fields: “...
  • Page 38 Enter a name for the access point in the System Name field and click Apply. Step 3 Browse to the Services – DNS page. Figure 2-3 shows the Services – DNS page. Step 4 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01...
  • Page 39 Services – DNS Page Select Enable for Domain Name System. Step 5 In the Domain Name field, enter your company’s domain name. At Cisco Systems, for example, the Step 6 domain name is cisco.com. Enter at least one IP address for your DNS server in the Name Server IP Addresses entry fields.
  • Page 40 Select the Enable Secure (HTTPS) Browsing check box and click Apply. Enter a domain name and click Apply. Step 12 Although you can enable both standard HTTP and HTTPS, Cisco recommends that you enable Note one or the other. A warning window appears stating that you will use HTTPS to browse to the access point. The window also instructs you to change the URL that you use to browse to the access point from http to https.
  • Page 41 Click View Certificate to accept the certificate before proceeding. (To proceed without accepting the Step 15 certificate, click Yes, and skip to Step 24 in these instructions.) Figure 2-7 shows the Certificate window. Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01...
  • Page 42 Figure 2-7 Certificate Window Step 16 On the Certificate window, click Install Certificate. The Microsoft Windows Certificate Import Wizard appears. Figure 2-8 shows the Certificate Import Wizard window. Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 2-10 OL-14209-01...
  • Page 43 Enabling HTTPS for Secure Browsing Figure 2-8 Certificate Import Wizard Window Click Next. The next window asks where you want to store the certificate. Cisco recommends that you Step 17 use the default storage area on your system. Figure 2-9 shows the window that asks about the certificate storage area.
  • Page 44 Step 19 Figure 2-11 Certificate Security Warning Click Yes. Windows displays another window stating that the installation is successful. Figure 2-12 Step 20 shows the completion window. Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 2-12 OL-14209-01...
  • Page 45: Cli Configuration Example

    In this example, the access point system name is ap1100, the domain name is company.com, and the IP address of the DNS server is 10.91.107.18. For complete descriptions of the commands used in this example, consult the Cisco IOS Commands Master List, Release 12.3. Click this link to browse to the master list of commands: http://www.cisco.com/en/US/docs/ios/mcl/123mcl/TD-Book-Wrapper.html...
  • Page 46: Using Online Help

    Cisco maintains up-to-date HTML help files for access points on the Cisco web site. By default, the access point opens a help file on Cisco.com when you click the help button on the access point web-browser interface. However, you can install the help files on your network so your access points can access them there.
  • Page 47: Disabling The Web-Browser Interface

    Services: HTTP-Web Server page and click Apply. To re-enable the web-browser interface, enter this global configuration command on the access point CLI: ap(config)# ip http server Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 2-15 OL-14209-01...
  • Page 49: Using The Command-Line Interface

    This chapter describes the Cisco IOS command-line interface (CLI) that you can use to configure the wireless device. It contains these sections:
    • Cisco IOS Command Modes, page 3-2
    • ...
  • Page 50: Cisco Ios Command Modes

    When you start a session on the wireless device, you begin in user mode, often called user EXEC mode. A subset of the Cisco IOS commands are available in user EXEC mode. For example, most of the user EXEC commands are one-time commands, such as show commands, which show the current configuration status, and clear commands, which clear counters or interfaces.
  • Page 51: Getting Help

    You have to enter only enough characters for the wireless device to recognize the command as unique. This example shows how to enter the show configuration privileged EXEC command: ap# show conf Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01...
  • Page 52: Using No And Default Forms Of Commands

    • Changing the Command History Buffer Size, page 3-5
    • Recalling Commands, page 3-5
    • Disabling the Command History Feature, page 3-5
  • Page 53: Changing The Command History Buffer Size

    To disable the feature during the current terminal session, enter the terminal no history privileged EXEC command. To disable command history for the line, enter the no history line configuration command. Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01...
  • Page 54: Using Editing Features

    ...with the last ten items that you deleted. The buffer contains only the last 10 items that you have deleted or cut. If you press Esc Y more than ten times, you cycle to the first buffer entry.
  • Page 55: Editing Command Lines That Wrap

    To scroll back to the beginning of the command entry, press Ctrl-B or the left arrow key repeatedly. You can also press Ctrl-A to immediately move to the beginning of the line. The arrow keys function only on ANSI-compatible terminals such as VT100s. Note Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01...
  • Page 56: Searching And Filtering Output Of Show And More Commands

    | include protocol
    Vlan1 is up, line protocol is up
    Vlan10 is up, line protocol is down
    GigabitEthernet0/1 is up, line protocol is down
    GigabitEthernet0/2 is up, line protocol is up
  • Page 57: Accessing The Cli

    Step 4 At the username and password prompts, enter your administrator username and password. The default username is Cisco, and the default password is Cisco. The default enable password is also Cisco. Usernames and passwords are case-sensitive.
    Opening the CLI with Secure Shell
    Secure Shell Protocol is a protocol that provides a secure, remote connection to networking devices set up to use it.
  • Page 59: Configuring The Access Point For The First Time

    • Using a Telnet Session to Access the CLI, page 4-28
    • Configuring the 802.1X Supplicant, page 4-29
    Note: In this release, the access point radio interfaces are disabled by default.
  • Page 60: Before You Start

    Password window appears. Step 3 Enter your username in the User Name field. The default username is Cisco. Enter the wireless device password in the Password field and press Enter. The default password is Cisco. Step 4 The Summary Status page appears.
  • Page 61: Resetting To Default Settings Using The Cli

    The access point is configured with the factory default values including the IP address (set to receive an IP address using DHCP). To obtain the access point/bridge’s new IP address, you can use the show interface bvi1 CLI command. Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01...
  • Page 62: Obtaining And Assigning An Ip Address

    To establish the link you must have two access point/bridges configured in the install mode. In the install mode, one access point/bridge must be configured as a root bridge and the other a non-root bridge. To Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01...
  • Page 63: Connecting To The 1100 Series Access Point Locally

    IP address on the PC. On most PCs, you can perform a release and renew by rebooting your PC or by entering ipconfig /release and ipconfig /renew commands in a command prompt window. Consult your PC operating instructions for detailed instructions. Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01...
  • Page 64: Connecting To The 1130 Series Access Point Locally

    Connect a nine-pin, female DB-9 to RJ-45 serial cable to the RJ-45 serial port on the access point and Step 2 to the COM port on a computer. The Cisco part number for the DB-9 to RJ-45 serial cable is AIR-CONCAB1200. Browse to http://www.cisco.com/go/marketplace...
  • Page 65: Connecting To The 1300 Series Access Point/Bridge Locally

    Default Radio Settings
    Beginning with Cisco IOS Release 12.3(8)JA, access point radios are disabled and no default SSID is assigned. This was done to prevent unauthorized users from accessing a customer’s wireless network through an access point that has a default SSID and no security settings. You must create an SSID before you can enable the access point radio interfaces.
  • Page 66: Assigning Basic Settings

    Password screen appears. Step 3 Press Tab to bypass the Username field and advance to the Password field. Step 4 Enter the case-sensitive password Cisco and press Enter. The Summary Status page appears. A typical Summary Status page is shown in Figure 4-1.
  • Page 67 Setup page for the 1100 series access points. Your pages may differ depending on the access point model you are using. Figure 4-2 Express Setup Page for 1100 Series Access Points Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01...
  • Page 68 Note Figure 4-3 shows the Express Setup page for an 1130 series access point. The 1200 series is similar, but does not support the universal workgroup bridge role. Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 4-10 OL-14209-01...
  • Page 69 Chapter 4 Configuring the Access Point for the First Time Assigning Basic Settings Figure 4-4 Express Setup Page for the 1250 Series Access Point Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 4-11 OL-14209-01...
  • Page 70 DHCP—IP addresses are automatically assigned by your network’s DHCP server. – Static IP—The wireless device uses a static IP address that you enter in the IP address field. – Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 4-12 OL-14209-01...
  • Page 71 Workgroup bridge mode, the access point functions as a client device that associates with a Cisco Aironet access point or bridge. A workgroup bridge can have a maximum of 254 clients, presuming that no other wireless clients are associated to the root bridge or access point. This setting is available for the 1100, 1200, and 1300 series access points.
  • Page 72: Default Settings On The Express Setup Page

    Custom takes you to the Network Interfaces: Radio-802.11b Settings page. Radio-802.11b Settings page. Radio-802.11n Settings page (1250). Radio-802.11n Settings page (1250)
    • Aironet Extensions—Enable this setting if there are only Cisco Aironet wireless devices on your wireless LAN.
    Step 7 Click Apply to save your settings.
  • Page 73 Assigned by DHCP by default; if DHCP is disabled, the default setting is 0.0.0.0 SNMP Community defaultCommunity (Read-only) Role in Radio Network (for each Access point radio installed) Optimize Radio Network for Throughput Aironet Extensions Enable Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 4-15 OL-14209-01...
  • Page 74: Configuring Basic Security Settings

    Just as you use the Express Setup page to assign basic settings, you can use the Express Security page to create unique SSIDs and assign one of four security types to them. Figure 4-6 shows a typical Express Security page. Figure 4-6 Express Security Page Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 4-16 OL-14209-01...
  • Page 75 Configuring Basic Security Settings The Express Security page helps you configure basic security settings. You can use the web-browser interface’s main Security pages to configure more advanced security settings. Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 4-17 OL-14209-01...
  • Page 76: Understanding Express Security Settings

    Note In Cisco IOS Release 12.4(10b)JA and 12.3(8)JEC, there is no default SSID. You must configure an SSID before client devices can associate to the access point. The SSID can consist of up to 32 alphanumeric, case-sensitive, characters.
  • Page 77: Express Security Types

    RADIUS server, consider using an access point as a local authentication server (see Chapter 9, “Configuring an Access Point as a Local Authenticator”). Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 4-19 OL-14209-01...
  • Page 78 If you are using the CLI, this warning port 1645). message appears: SSID CONFIG WARNING: [SSID]: If radio clients are using EAP-FAST, AUTH OPEN with EAP should also be configured. Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 4-20 OL-14209-01...
  • Page 79: Express Security Limitations

    SSIDs are limited. See the “Using VLANs” section on page 4-18 for details. Step 6 Click Apply. The SSID appears in the SSID table at the bottom of the page. Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 4-21 OL-14209-01...
  • Page 80: Cli Configuration Examples

    Dot11Radio1/1.10
    encapsulation dot1Q 10 native
    no ip route-cache
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
  • Page 81 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface Dot11Radio1/1.20
    encapsulation dot1Q 20
    no ip route-cache
    bridge-group 20
    bridge-group 20 subscriber-loop-control
  • Page 82 30 mode wep mandatory
    ssid eap_ssid
    speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
    rts threshold 2312
    station-role root
  • Page 83 SSID called wpa_ssid, excluding the SSID from the beacon, and assigning the SSID to VLAN 40:
    ssid wpa_ssid
    vlan 40
    authentication open eap eap_methods
    authentication network-eap eap_methods
    authentication key-management wpa
  • Page 84 40 block-unknown-source
    no bridge-group 40 source-learning
    no bridge-group 40 unicast-flooding
    bridge-group 40 spanning-disabled
    ssid wpa_ssid
    interface FastEthernet0
    no ip address
    no ip route-cache
    duplex auto
    speed auto
  • Page 85: Configuring System Power Settings For 1130 And 1240 Series Access Points

    If you use a switch to provide Power over Ethernet (PoE) to the 1130 access point, and the switch does not support the IEEE 802.3af power negotiation standard, select Pre-Standard Compatibility on the System Software: System Configuration page. Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 4-27 OL-14209-01...
  • Page 86: Assigning An Ip Address Using The Cli

    802.11 tables to the native power tables. The radio derives the values for this table from the NativePowerTable and NativePowerSupportedTable of the CISCO-DOT11-1F-MIB. The Native Power tables were designed specifically to configure powers as low as -1dBm for Cisco Aironet radios that support these levels.
  • Page 87: Configuring The 802.1X Supplicant

    (Optional)—Enter the anonymous identity to be used. Step 4 description description (Optional)—Enter a description for the credentials profile Step 5 username username Enter the authentication user id. Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 4-29 OL-14209-01...
  • Page 88: Applying The Credentials To An Interface Or Ssid

    (Optional) Save your entries in the configuration file. startup-config Use the no form of the dot1x credentials command to negate a parameter. The following example creates a credentials profile named test with the username Cisco and the unencrypted password Cisco: ap1240AG>enable...
  • Page 89: Applying The Credentials Profile To An Ssid Used For The Uplink

    The following example applies the credentials profile test to the ssid testap1 on a repeater access point.
    repeater-ap>enable
    Password:xxxxxxx
    repeater-ap#config terminal
    Enter configuration commands, one per line. End with CTRL-Z.
    repeater-ap(config-if)#dot11 ssid testap1
    repeater-ap(config-ssid)#dot1x credentials test
    repeater-ap(config-ssid)#end
    repeater-ap(config)
  • Page 90: Creating And Applying Eap Method Profiles

    You can optionally configure an EAP method list to enable the supplicant to recognize a particular EAP method. See “Creating and Applying EAP Method Profiles for the 802.1X Supplicant” on page 11-17. Cisco IOS Software Configuration Guide for Cisco Aironet Access Points 4-32 OL-14209-01...
  • Page 91: Administering The Access Point

    • Defining HTTP Access, page 5-32
    • Creating a Banner, page 5-35
    • Upgrading Autonomous Cisco Aironet Access Points to Lightweight Mode, page 5-37
    • Migrating to Japan W52 Domain, page 5-37
    • Configuring Multiple VLAN and Rate Limiting for Point-to-Multipoint Bridging, page 5-39
    • ...
  • Page 92: Disabling The Mode Button

    Caution: This command disables password recovery. If you lose the privileged EXEC mode password for the access point after entering this command, you will need to contact the Cisco Technical Assistance Center (TAC) to regain access to the access point CLI.
  • Page 93: Preventing Unauthorized Access To Your Access Point

    Password protection restricts access to a network or network device. Privilege levels define what commands users can issue after they have logged into a network device. Note: For complete syntax and usage information for the commands used in this section, refer to the Cisco IOS Security Command Reference for Release 12.3.
  • Page 94: Default Password And Privilege Level Configuration

    The password is encrypted in the configuration file. Enable secret password and privilege level The default enable password is Cisco. The default is level 15 (privileged EXEC level). The password is encrypted before it is written to the configuration file.
  • Page 95 This example shows how to change the enable password to l1u2c3k4y5. The password is not encrypted and provides access to level 15 (traditional privileged EXEC mode access): AP(config)# enable password l1u2c3k4y5 Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01...
  • Page 96: Protecting Enable And Enable Secret Passwords With Encryption

    EXEC mode (the default) or any privilege level you specify. Cisco recommends that you use the enable secret command because it uses an improved encryption algorithm. If you configure the enable secret command, it takes precedence over the enable password command;...
  • Page 97: Configuring Username And Password Pairs

    Step 2. Step 4 Return to privileged EXEC mode. Step 5 show running-config Verify your entries. Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file. Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01...
  • Page 98: Configuring Multiple Privilege Levels

    Configuring Multiple Privilege Levels By default, Cisco IOS software has two modes of password security: user EXEC and privileged EXEC. You can configure up to 16 hierarchical levels of commands for each mode. By configuring multiple passwords, you can allow different sets of users to have access to specified commands.
  • Page 99: Logging Into And Exiting A Privilege Level

    This section describes how to control administrator access to the wireless device using Remote Authentication Dial-In User Service (RADIUS). For complete instructions on configuring the wireless device to support RADIUS, see Chapter 13, “Configuring RADIUS and TACACS+ Servers.”
  • Page 100: Default Radius Configuration

    RADIUS is facilitated through AAA and can be enabled only through AAA commands. Note: For complete syntax and usage information for the commands used in this section, refer to the Cisco IOS Security Command Reference for Release 12.3. These sections describe RADIUS configuration: • Default RADIUS Configuration, page 5-10...
  • Page 101 {default | list-name} method1 [method2...] global configuration command. To either disable RADIUS authentication for logins or to return to the default value, use the no login authentication {default | list-name} line configuration command.
  • Page 102: Defining Aaa Server Groups

    Beginning in privileged EXEC mode, follow these steps to define the AAA server group and associate a particular RADIUS server with it: Step 1 (configure terminal): Enter global configuration mode. Step 2 (aaa new-model): Enable AAA.
  • Page 103 Step 8 (copy running-config startup-config): (Optional) Save your entries in the configuration file. Step 9: Enable RADIUS login authentication. See the “Configuring RADIUS Login Authentication” section on page 13-7.
  • Page 104: Configuring Radius Authorization For User Privileged Access And Network Services

    Configure the wireless device for user RADIUS authorization to determine if the user has privileged EXEC access. The exec keyword might return user profile information (such as autocommand information). Step 4: Return to privileged EXEC mode.
  • Page 105: Displaying The Radius Configuration

    TACACS+ is facilitated through AAA and can be enabled only through AAA commands. Note: For complete syntax and usage information for the commands used in this section, refer to the Cisco IOS Security Command Reference for Release 12.3. These sections describe TACACS+ configuration: • Default TACACS+ Configuration, page 5-15...
  • Page 106 Step 6: Return to privileged EXEC mode. Step 7 (show running-config): Verify your entries. Step 8 (copy running-config startup-config): (Optional) Save your entries in the configuration file.
  • Page 107: Configuring Tacacs+ Authorization For Privileged Exec Access And Network Services

    To disable authorization, use the no aaa authorization {network | exec} method1 global configuration command. Displaying the TACACS+ Configuration To display TACACS+ server statistics, use the show tacacs privileged EXEC command.
  • Page 108: Configuring Ethernet Speed And Duplex Settings

    Configuring Ethernet Speed and Duplex Settings You can assign the wireless device Ethernet port speed and duplex settings. Cisco recommends that you use auto, the default setting, for both the speed and duplex settings on the wireless device Ethernet port.
  • Page 109: Configuring The Access Point For Local Authentication And Authorization

    Step 7: Return to privileged EXEC mode. Step 8 (show running-config): Verify your entries. Step 9 (copy running-config startup-config): (Optional) Save your entries in the configuration file.
  • Page 110: Configuring The Authentication Cache And Profile

    Note: See the Cisco IOS Command Reference for Cisco Aironet Access Points and Bridges, 12.3(7)JA for information about these commands. The following is a configuration example from an access point configured for Admin authentication using TACACS+ with the auth cache enabled.
  • Page 111 1 no bridge-group 1 source-learning bridge-group 1 spanning-disabled interface BVI1 ip address 192.168.133.207 255.255.255.0 no ip route-cache
  • Page 112: Configuring The Access Point To Provide Dhcp Service

    1100 series access point. Because it has a console port to simplify initial setup, the 1200 series access point does not become a DHCP server automatically.
  • Page 113 DHCP server. For detailed information on DHCP-related commands and options, refer to the Configuring DHCP chapter in the Cisco IOS IP Configuration Guide, Release 12.3. Click this URL to browse to the “Configuring DHCP” chapter: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipr_c/ipcprt1/1cfdhcp.htm...
  • Page 114: Monitoring And Maintaining The Dhcp Server Access Point

    Displays recent activity on the DHCP database. Note: Use this command in privileged EXEC mode. show ip dhcp server statistics: Displays count information about server statistics and messages sent and received.
  • Page 115: Clear Commands

    Local Authentication and Authorization” section on page 5-19) For more information about SSH, refer to Part 5, “Other Security Features” in the Cisco IOS Security Configuration Guide for Release 12.3.
  • Page 116: Configuring Ssh

    Optional ARP Caching When a non-Cisco client device is associated to an access point and is not passing data, the wireless device might not know the client’s IP address. If this situation occurs frequently on your wireless LAN, you can enable optional ARP caching.
  • Page 117: Configuring Arp Caching

    Network Time Protocol (SNTP), or manually, by setting the time and date on the wireless device. Note: For complete syntax and usage information for the commands used in this section, refer to the Cisco IOS Configuration Fundamentals Command Reference for Release 12.3.
  • Page 118: Configuring Sntp

    If no other source of time is available, you can manually configure the time and date after the system is restarted. The time remains accurate until the next system restart. Cisco recommends that you use manual configuration only as a last resort. If you have an outside source to which the wireless device can synchronize, you do not need to manually set the system clock.
  • Page 119: Displaying The Time And Date Configuration

    • .—Time is authoritative, but NTP is not synchronized. Configuring the Time Zone Beginning in privileged EXEC mode, follow these steps to manually configure the time zone:
  • Page 120: Configuring Summer Time (Daylight Saving Time)

    • (Optional) For hh:mm, specify the time (24-hour format) in hours and minutes. • (Optional) For offset, specify the number of minutes to add during summer time. The default is 60. Step 3: Return to privileged EXEC mode.
  • Page 121 This example shows how to set summer time to start on October 12, 2000, at 02:00, and end on April 26, 2001, at 02:00: AP(config)# clock summer-time pdt date 12 October 2000 2:00 26 April 2001 2:00
  • Page 122: Defining Http Access

    Note: For complete syntax and usage information for the commands used in this section, refer to the Cisco IOS Configuration Fundamentals Command Reference and the Cisco IOS IP and IP Routing Command Reference for Release 12.3.
  • Page 123: Understanding Dns

    Domain names are pieced together with periods (.) as the delimiting characters. For example, Cisco Systems is a commercial organization that IP identifies by a com domain name, so its domain name is cisco.com. A specific device in this domain, such as the File Transfer Protocol (FTP) system, is identified as ftp.cisco.com.
  • Page 124: Setting Up Dns

    If there is a period (.) in the host name, Cisco IOS software looks up the IP address without appending any default domain name to the host name.
  • Page 125: Displaying The Dns Configuration

    The login banner also appears on all connected terminals. It appears after the MOTD banner and before the login prompts. Note: For complete syntax and usage information for the commands used in this section, refer to the Cisco IOS Configuration Fundamentals Command Reference for Release 12.3.
  • Page 126 Trying 172.2.5.4... Connected to 172.2.5.4. Escape character is '^]'. This is a secure site. Only authorized users are allowed. For access, contact technical support. User Access Verification Password:
  • Page 127: Configuring A Login Banner

    Upgrading Autonomous Cisco Aironet Access Points to Lightweight Mode You can run a utility to upgrade autonomous Cisco Aironet access points to the lightweight mode so that they can communicate with wireless LAN controllers on your network. For more information about using the upgrade utility, go to the following URL: http://cisco-images.cisco.com/en/US/docs/wireless/access_point/conversion/lwapp/upgrade/guide/lwap...
  • Page 128 If you choose no, the operation terminates as shown in this example: Begin to migrate Access Point from J (J52) to U (W52).do you want to Continue ? (yes/[no]):no AP not migrated. ap(config-if)#
  • Page 129: Verifying The Migration

    16 Mb access points (1100, 1200, and 350 series) Note: Rate limiting policy can only be applied to ingress ports of Fast Ethernet ingress ports on non-root bridges.
  • Page 130: Cli Command

    Use the bridge non-root client vlan <vlan id> command to add the 802.11Q tag to all incoming Ethernet packets. This command can only be applied to non-root bridges.
  • Page 131: Configuring Radio Settings

    • Enabling Short Slot Time for 802.11g Radios, page 6-33 • Performing a Carrier Busy Test, page 6-33 • Configuring VoIP Packet Handling, page 6-33 • Viewing VoWLAN Metrics, page 6-34
  • Page 132: Enabling The Radio Interface

    Enabling the Radio Interface The wireless device radios are disabled by default. Note: Beginning with Cisco IOS Release 12.3(8)JA there is no SSID. You must create an SSID before you can enable the radio interface. Beginning in privileged EXEC mode, follow these steps to enable the access point radio:...
  • Page 133 { 0 | 1 } Enter interface configuration mode for the radio interface: 2.4-GHz radio and the 802.11n 2.4-GHz radio is interface 0. 5-GHz radio and the 802.11n 5-GHz radio is interface 1.
  • Page 134 Step 4: Return to privileged EXEC mode. Step 5 (copy running-config startup-config): (Optional) Save your entries in the configuration file.
  • Page 135: Universal Workgroup Bridge Mode

    If validation fails, the workgroup bridge associates with its BVI’s MAC address. In universal workgroup bridge mode, the workgroup bridge uses the Ethernet client’s MAC address to associate with Cisco or non-Cisco root devices. The universal workgroup bridge is transparent and is not managed.
  • Page 136: Radio Tracking

    If the client reassociates to the access point, the root access point radio comes back up. MAC-address tracking is most useful when the client is a non-root bridge access point connected to an upstream wired network.
  • Page 137: Bridge Features Not Supported

    When the signal degrades (possibly due to distance from the access point), the rates will renegotiate down in order to maintain the link (but at a lower data rate). Contrast that against a link...
  • Page 138: Access Points Send Multicast And Management Frames At Highest Basic Rate

    11Mbps are set to require on the connecting access point. Access Points Send Multicast and Management Frames at Highest Basic Rate Access points running recent Cisco IOS versions transmit multicast and management frames at the highest configured basic rate, a situation that could cause reliability problems.
  • Page 139 [m8-15] [m8.] [m9.] | range | On the 5-GHz radio, the default option sets rates 6.0, 12.0, throughput } and 24.0 to basic, and rates 9.0, 18.0, 36.0, 48.0, and 54.0 to enabled.
  • Page 140: Configuring Mcs Rates

    Width Data Rate Width Data Rate Width Data Rate Width Data Rate (Mbps) (Mbps) (Mbps) (Mbps) 13.5 7 2/9 14 4/9 19.5 40.5 21 2/3 28 8/9 43 1/3
  • Page 141: Configuring Radio Transmit Power

    To determine what transmit power is available for your access point and which regulatory domain it operates in, refer to the hardware installation guide for that device. Hardware installation guides are available at cisco.com. Follow these steps to view and download them: Browse to http://www.cisco.com.
  • Page 142 These options are available for the 2.4-GHz 802.11n radio (in dBm): { -1 | 2 | 5 | 8 | 11 | 14 | 17 | 20 | 23 | maximum }
  • Page 143: Limiting The Power Level For Associated Client Devices

    Note: Cisco AVVID documentation uses the term Dynamic Power Control (DTPC) to refer to limiting the power level on associated client devices.
  • Page 144: Configuring Radio Channel Settings

    See the access point’s hardware installation guide for the frequencies allowed in your domain.
  • Page 145: 802.11N Channel Widths

    Note Cisco Aironet CB20A client radios sometimes fail to associate to the AIR-RM21A radio module because the CB20A client does not support all the channels supported by the AIR-RM21A radio module. The default channel setting for the AIR-RM21A radio module, least congested, often results in the access point settling on one of these frequencies that the CB20A client radio does not support: channel 149 (5745 GHz), channel 153 (5765 GHz), channel 157 (5785 GHz), and channel 161 (5805 GHz).
  • Page 146: Dynamic Frequency Selection

    • Disassociates remaining client devices. • If participating in WDS, sends a DFS notification to the active WDS device that it is leaving the frequency. • Randomly selects a different 5-GHz channel.
  • Page 147 After 30 minutes, the flag is cleared for the corresponding channel. If the access point is rebooted before a flag is cleared, the non-occupancy time is reset to 30 minutes when the channel initializes.
  • Page 148: Cli Commands

    Note: Cisco recommends that you use the world-mode dot11d country-code configuration interface command to configure a country code on DFS-enabled radios. The IEEE 802.11h protocol requires access points to include the country information element (IE) in beacons and probe responses. By default, however, the country code in the IE is blank.
  • Page 149: Configuring A Channel

    • 2—Specifies frequencies 5.250 to 5.350 GHz. This group of frequencies is also known as the UNII-2 band. • 3—Specifies frequencies 5.470 to 5.725 GHz. • 4—Specifies frequencies 5.725 to 5.825 GHz. This group of frequencies is also known as the UNII-3 band.
  • Page 150: Setting The 802.11N Guard Interval

    (800ns) guard interval. Step 4: Return to privileged EXEC mode. Step 5 (copy running-config startup-config): (Optional) Save your entries in the configuration file.
  • Page 151: Configuring Location-Based Services

    LBS settings do not appear on the access point GUI in this release. Understanding Location-Based Services Cisco recommends that you configure a minimum of three access points for LBS. When you configure location-based services (LBS) on your access points, the access points monitor location packets sent by LBS positioning tags attached to assets that you want to track.
  • Page 152: Enabling And Disabling World Mode

    Enabling and Disabling World Mode You can configure the wireless device to support 802.11d world mode, Cisco legacy world mode, or world mode roaming. When you enable world mode, the wireless device adds channel carrier set information to its beacon. Client devices with world mode enabled receive the carrier set information and adjust their settings automatically.
  • Page 153: Disabling And Enabling Short Radio Preambles

    network there. Cisco client devices running firmware version 5.30.17 or later detect whether the wireless device is using 802.11d or Cisco legacy world mode and automatically use world mode that matches the mode used by the wireless device.
  • Page 154: Configuring Transmit And Receive Antennas

    • Long—A long preamble ensures compatibility between the wireless device and all early models of Cisco Aironet Wireless LAN Adapters (PC4800 and PC4800A). If these client devices do not associate to the wireless devices, you should use short preambles. You cannot configure short or long radio preambles on the 5-GHz radio.
  • Page 155: Enabling And Disabling Gratuitous Probe Response

    Selecting higher transmission speeds also reduces the amount of bandwidth consumed but at the expense of a smaller cell size. Beginning in privileged EXEC mode, follow these steps to enable GPR and set its parameters:
  • Page 156: Disabling And Enabling Aironet Extensions

    Use the no form of the command to disable the GPR feature. Disabling and Enabling Aironet Extensions By default, the wireless device uses Cisco Aironet 802.11 extensions to detect the capabilities of Cisco Aironet client devices and to support features that require specific interaction between the wireless device and associated client devices.
  • Page 157: Configuring The Ethernet Encapsulation Transformation Method

    802.3 using an encapsulation transformation method. These are the two transformation methods: • 802.1H • RFC1042—This is the default setting. Use this setting to ensure interoperability with non-Cisco Aironet wireless equipment. Beginning in privileged EXEC mode, follow these steps to configure the encapsulation transformation...
  • Page 158: Enabling And Disabling Reliable Multicast To Workgroup Bridges

    A Cisco Aironet Workgroup Bridge provides a wireless LAN connection for up to eight Ethernet-enabled devices.
  • Page 159: Enabling And Disabling Public Secure Packet Forwarding

    To enable and disable PSPF using CLI commands on the wireless device, you use bridge groups. You can find a detailed explanation of bridge groups and instructions for implementing them in this document: • Cisco IOS Bridging and IBM Networking Configuration Guide, Release 12.2. Click this link to browse to the Configuring Transparent Bridging chapter: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fibm_c/bcfpart1/bcftb.
  • Page 160: Configuring Protected Ports

    The 2.4-GHz radio and the 802.11n 2.4-GHz radio is 0. The 5-GHz radio and the 802.11n 5-GHz radio is 1. Step 3 (beacon period value): Set the beacon period. Enter a value in Kilomicroseconds.
  • Page 161: Configure Rts Threshold And Retries

    Return to privileged EXEC mode. Step 6 (copy running-config startup-config): (Optional) Save your entries in the configuration file. Use the no form of the command to reset the RTS settings to defaults.
  • Page 162: Configuring The Maximum Data Retries

    Return to privileged EXEC mode. Step 5 (copy running-config startup-config): (Optional) Save your entries in the configuration file. Use the no form of the command to reset the setting to defaults.
  • Page 163: Enabling Short Slot Time For 802.11G Radios

    The default value for maximum retries is 3 for the Low Latency setting (Figure 6-3). This value indicates how many times the access point will try to retrieve a lost packet before discarding it.
  • Page 164: Viewing Vowlan Metrics

    Figure 6-3 Packet Handling Configuration You can also configure VoIP packet handling using the CLI. For a list of Cisco IOS commands for configuring VoIP packet handling using the CLI, consult the Cisco IOS Command Reference for Cisco Aironet Access Points and Bridges.
  • Page 165 • To view graphs of voice streams in progress, choose Voice Streams In Progress from the Report Name drop-down menu. • To view a graph of rejected voice streams, choose Rejected Voice Streams from the Report Name drop-down menu.
  • Page 166 Figure 6-5 % of Packets > 40 ms Queuing Delay Figure 6-6 is an example of a graph showing voice streaming in progress. Figure 6-6 Voice Streaming Progress
  • Page 167: Viewing Wireless Client Reports

    On the left-hand side, click the MAC address of a client to display the corresponding VoWLAN metrics. Step 6 The metrics appear on the right-hand side as shown in the example in Figure 6-7. Figure 6-7 Wireless Client Metrics
  • Page 168: Viewing Voice Fault Summary

    • Downstream Delay with U-ASPD used • Upstream Delay • Downstream Packet Loss Rate • Upstream Packet Loss Rate • Roaming Time To view a summary of voice faults, follow these steps:
  • Page 169: Configuring Voice Fault Settings

    Figure 6-8, the system generates P1 faults when QoS is degraded and P3 faults when QoS is fair. If QoS is green, the system clears the faults generated.
  • Page 170 Chapter 6 Configuring Radio Settings Viewing VoWLAN Metrics Figure 6-10 Fault Settings
  • Page 171: Configuring Multiple Ssids

    • Configuring Multiple Basic SSIDs, page 7-8 • Assigning IP Redirection for an SSID, page 7-11 • Including an SSID in an SSIDL IE, page 7-13 • NAC Support for MBSSID, page 7-13
  • Page 172: Understanding Multiple Ssids

    SSID parameters under multiple interfaces. Configuration of SSID parameters at the interface level was supported in Cisco IOS Release 12.3(2)JA for backward compatibility, but configuration of SSID parameters at the interface level is disabled in releases after Cisco IOS Release 12.3(4)JA.
  • Page 173 Cisco IOS Release 12.4(10b)JA. If you need to upgrade from Cisco IOS Release 12.3(2)JA or earlier to a release later than 12.3(4)JA, you should first upgrade to Cisco IOS Release 12.3(4)JA, save the configuration file, upgrade to the target release, and load the saved configuration file.
  • Page 174: Configuring Multiple Ssids

    • Using a RADIUS Server to Restrict SSIDs, page 7-7 Note: In Cisco IOS Release 12.3(4)JA and later, you configure SSIDs globally and then apply them to a specific radio interface. Follow the instructions in the “Creating an SSID Globally” section on page 7-4 to configure SSIDs globally.
  • Page 175 Assign the global SSID that you created in Step 2 to the radio interface. Step 10: Return to privileged EXEC mode. Step 11 (copy running-config startup-config): (Optional) Save your entries in the configuration file.
  • Page 176: Viewing Ssids Configured Globally

    AP# show running-config ssid ssid-string Using Spaces in SSIDs In Cisco IOS Release 12.3(7)JA and later, you can include spaces in an SSID, but trailing spaces (spaces at the end of an SSID) are invalid. However, any SSIDs created in previous versions having trailing spaces are recognized.
  • Page 177: Using A Radius Server To Restrict Ssids

    The allowed list of SSIDs from the RADIUS server is in the form of Cisco VSAs. The Internet Engineering Task Force (IETF) draft standard specifies a method for communicating vendor-specific information between the access point and the RADIUS server by using the vendor-specific attribute (attribute 26).
  • Page 178: Configuring Multiple Basic Ssids

    To configure multiple BSSIDs, your access points must meet these minimum requirements: • VLANs must be configured • Access points must run Cisco IOS Release 12.3(4)JA or later • Access points must contain an 802.11a or 802.11g radio that supports multiple BSSIDs. To determine whether a radio supports multiple basic SSIDs, enter the show controllers radio_interface command.
  • Page 179 Step 6: Assign authentication, authenticated key management, and accounting settings to the SSID in the Authentication Settings, Authenticated Key Management, and Accounting Settings sections of the page. BSSIDs support all the authentication types that are supported on SSIDs.
  • Page 180: Cli Configuration Example

    Use the show dot11 bssid privileged EXEC command to display the relationship between SSIDs and BSSIDs or MAC addresses. This example shows the command output: AP1230#show dot11 bssid Interface BSSID Guest SSID Dot11Radio1 0011.2161.b7c0 atlantic Dot11Radio0 0005.9a3e.7c0f WPA2-TLS-g
  • Page 181: Assigning Ip Redirection For An Ssid

    [Figure: IP-redirect processing flowchart. Recoverable labels: UDP port filters enabled?; port number in packet match port permit number?; forward packet to IP-redirect address; increment IP-redirect forward packet counter; drop packet; increment IP-redirect drop packet counter.]
  • Page 182: Guidelines For Using Ip Redirection

    SSID batman: AP# configure terminal AP(config)# interface dot11radio 0 AP(config-if)# ssid batman AP(config-if-ssid)# ip redirection host 10.91.104.91 AP(config-if-ssid-redirect)# end
  • Page 183: Including An Ssid In An Ssidl Ie

    Infected or vulnerable endpoints need to be automatically detected, isolated, and cleaned.
  • Page 184 Wired side traffic is segregated because different VLANs are used, thereby ensuring that traffic from infected and uninfected clients does not mix.
  • Page 185 NAC Support for MBSSID A new keyword, backup, is added to the existing vlan <name> | <id> under dot11 ssid <ssid> as described below: vlan <name>|<id> [backup <name>|<id>, <name>|<id>, <name>|<id>
  • Page 186: Configuring Nac For Mbssid

    Restricted Access VLAN/Network VLAN/Network Wireless laptops For additional information, see the documentation for deploying NAC for Cisco wireless networks. Follow these steps to configure NAC for MBSSID on your access point: Step 1: Configure your network as shown in Figure. Step 2: Configure standalone access points and NAC-enabled client-EAP authentication.
  • Page 187 1 no bridge-group 1 source-learning bridge-group 1 spanning-disabled interface FastEthernet0.102 encapsulation dot1Q 102 no ip route-cache bridge-group 102 no bridge-group 102 source-learning bridge-group 102 spanning-disabled
  • Page 188 Chapter 7 Configuring Multiple SSIDs NAC Support for MBSSID
  • Page 189: Configuring Spanning Tree Protocol

    Note: For complete syntax and usage information for the commands used in this chapter, refer to the Cisco IOS Command Reference for Access Points and Bridges for this release. STP is available only when the access point is in bridge mode.
  • Page 190: Understanding Spanning Tree Protocol

    The access point supports both per-VLAN spanning tree (PVST) and a single 802.1q spanning tree without VLANs. The access point cannot run 802.1s MST or 802.1d Common Spanning Tree, which maps multiple VLANs into a one-instance spanning tree.
  • Page 191: 1300 And 350 Series Bridge Interoperability

    VLAN. 1300 and 350 Series Bridge Interoperability Cisco Aironet 1300 and 350 Series Bridges are interoperable when STP is enabled and no VLANs are configured. This configuration is the only one available for the following reasons: • When STP is disabled, the 350 series bridge acts as a 350 series access point and disallows...
  • Page 192: Election Of The Spanning-Tree Root

    MAC addresses, access point priority, port priority, and path cost. STP uses this information to elect the spanning-tree root and root port for the network and the root port and designated port for each LAN segment.
  • Page 193: Spanning-Tree Timers

    When an interface transitions directly from nonparticipation in the spanning-tree topology to the forwarding state, Cisco IOS Software Configuration Guide for Cisco Aironet Access Points OL-14209-01...
  • Page 194 When the spanning-tree algorithm places a Layer 2 interface in the forwarding state, this process occurs: The interface is in the listening state while spanning tree waits for protocol information to transition the interface to the blocking state.
  • Page 195: Blocking State

    An interface in the learning state prepares to participate in frame forwarding. The interface enters the learning state from the listening state. An interface in the learning state performs as follows:
    • Discards frames received on the port
    • Learns addresses
    • Receives BPDUs
  • Page 196: Forwarding State

    STP settings when you enable STP. Table 8-2 Default STP Values When STP is Enabled Setting Default Value Bridge priority 32768 Bridge max age Bridge hello time Bridge forward delay Ethernet port path cost
  • Page 197: Configuring STP Settings

    Step 8 Return to privileged EXEC mode.
    Step 9 show spanning-tree bridge Verify your entries.
    Step 10 copy running-config startup-config (Optional) Save your entries in the configuration file.
  • Page 198: STP Configuration Examples

    1 protocol ieee
    bridge 1 route ip
    bridge 1 priority 9000
    line con 0
    exec-timeout 0 0
    line vty 0 4
    login
    line vty 5 15
    login
  • Page 199: Non-Root Bridge Without VLANs

    Root Bridge with VLANs
    This example shows the configuration of a root bridge with VLANs configured with STP enabled:
    hostname master-bridge-hq
    ip subnet-zero
    ip ssh time-out 120
    ip ssh authentication-retries 3
  • Page 200
    3
    no ip route-cache
    bridge-group 3
    interface BVI1
    ip address 1.4.64.23 255.255.0.0
    no ip route-cache
    ip default-gateway 1.4.0.1
    bridge 1 protocol ieee
    bridge 1 route ip
  • Page 201: Non-Root Bridge With VLANs

    2
    interface Dot11Radio0.3
    encapsulation dot1Q 3
    no ip route-cache
    no cdp enable
    bridge-group 3
    interface FastEthernet0
    no ip address
    no ip route-cache
    duplex auto
    speed auto
  • Page 202: Displaying Spanning-Tree Status

    For information about other keywords for the show spanning-tree privileged EXEC command, refer to the Cisco Aironet IOS Command Reference for Cisco Aironet Access Points and Bridges for this release.
  • Page 203: Configuring An Access Point As A Local Authenticator

    LEAP, EAP-FAST, and MAC-based authentication for up to 50 client devices. This chapter contains these sections:
    • Understanding Local Authentication, page 9-2
    • Configuring a Local Authenticator, page 9-2
  • Page 204: Understanding Local Authentication

    • Configuring Other Access Points to Use the Local Authenticator, page 9-6
    • Configuring EAP-FAST Settings, page 9-7
    • Unblocking Locked Usernames, page 9-9
    • Viewing Local Authenticator Statistics, page 9-9
    • Using Debug Messages, page 9-11
  • Page 205: Guidelines For Local Authenticators

    Beginning in privileged EXEC mode, follow these steps to configure the access point as a local authenticator:
    Command Purpose
    Step 1 configure terminal Enter global configuration mode.
    Step 2 aaa new-model Enable AAA.
  • Page 206 See the “Unblocking Locked Usernames” section on page 9-9 for instructions on unblocking client devices.
    Step 10 exit Exit group configuration mode and return to authenticator configuration mode.
  • Page 207
    AP(config-radsrv)# user jsmith password twain74 group clerks
    AP(config-radsrv)# user stpatrick password snake100 group clerks
    AP(config-radsrv)# user nick password uptown group clerks
    AP(config-radsrv)# user 00095125d02b password 00095125d02b group clerks mac-auth-only
  • Page 208: Configuring Other Access Points To Use The Local Authenticator

    When setting a dead time, you must balance the need to skip dead servers with the need to check the WAN link and begin using the main servers again as soon as possible.
  • Page 209: Configuring EAP-FAST Settings

    (such as tftp://172.1.1.1/test/user.pac). The password is optional and, if not specified, a default password understood by the CCX client is used. Expiry is also optional and, if not specified, the default period is 1 day.
  • Page 210: Configuring An Authority ID

    PACs generated by the local authenticator might not expire when they should. The access point clock is reset when the access point reboots, so the elapsed time on the clock would not reach the PAC expiration time.
  • Page 211: Limiting The Local Authenticator To One Authentication Type

    Shared key mismatch Invalid state attribute: 0 Unknown EAP message Unknown EAP auth type Auto provision success : 0 Auto provision failure : 0 PAC refresh Invalid PAC received
  • Page 212 Unblocked in x seconds appears at the end of the stat line for that user. Use this privileged EXEC mode command to reset local authenticator statistics to zero:
    AP# clear radius local-server statistics
  • Page 213: Using Debug Messages

    • Use the error option to display error messages related to the local authenticator.
    • Use the packets option to turn on display of the content of RADIUS packets sent and received.
  • Page 215: Configuring Cipher Suites And WEP

    Check (MIC), Temporal Key Integrity Protocol (TKIP), and broadcast key rotation. This chapter contains these sections:
    • Understanding Cipher Suites and WEP, page 10-2
    • Configuring Cipher Suites and WEP, page 10-3
  • Page 216: Understanding Cipher Suites And WEP

    Cipher suites are sets of encryption and integrity algorithms designed to protect radio communication on your wireless LAN. You must use a cipher suite to enable Wi-Fi Protected Access (WPA) or Cisco Centralized Key Management (CCKM). Because cipher suites provide the protection of WEP while also...
  • Page 217: Configuring Cipher Suites And WEP

    – An extension of IV space, to virtually eliminate the need for re-keying
    • CKIP (Cisco Key Integrity Protocol)—Cisco's WEP key permutation technique based on an early algorithm presented by the IEEE 802.11i security task group.
    • CMIC (Cisco Message Integrity Check)—Like TKIP's Michael, Cisco's message integrity check...
  • Page 218 This example shows how to create a 128-bit WEP key in slot 3 for VLAN 22 and set the key as the transmit key:
    ap1200# configure terminal
    ap1200(config)# interface dot11radio 0
    ap1200(config-if)# encryption vlan 22 key 3 size 128 12345678901234567890123456 transmit-key
    ap1200(config-if)# end
  • Page 219: WEP Key Restrictions

    WEP key 4 on the other device is set, but because it is not selected as the transmit key, WEP key 4 on the access point does not need to be set at all.
  • Page 220: Enabling Cipher Suites And WEP

    TKIP without enabling WPA or CCKM key management.
    Step 4 Return to privileged EXEC mode.
    Step 5 copy running-config startup-config (Optional) Save your entries in the configuration file.
  • Page 221: Matching Cipher Suites With WPA And CCKM

    Note: Client devices using static WEP cannot use the access point when you enable broadcast key rotation. When you enable broadcast key rotation, only wireless client devices using 802.1x authentication (such as LEAP, EAP-TLS, or PEAP) can use the access point.
  • Page 222 This example enables broadcast key rotation on VLAN 22 and sets the rotation interval to 300 seconds:
    ap1200# configure terminal
    ap1200(config)# interface dot11radio 0
    ap1200(config-if)# broadcast-key vlan 22 change 300
    ap1200(config-if)# end
  • Page 223: Configuring Authentication Types

    This chapter describes how to configure authentication types on the access point. This chapter contains these sections:
    • Understanding Authentication Types, page 11-2
    • Configuring Authentication Types, page 11-10
    • Matching Access Point and Client Device Authentication Types, page 11-19
  • Page 224: Understanding Authentication Types

    In this example, the device’s WEP key does not match the access point’s key, so it can authenticate but not pass data.
  • Page 225: Shared Key Authentication To The Access Point

    6. Key mismatch, frame discarded
    Shared Key Authentication to the Access Point
    Cisco provides shared key authentication to comply with the IEEE 802.11b standard. However, because of shared key’s security flaws, Cisco recommends that you avoid using it. During shared key authentication, the access point sends an unencrypted challenge text string to any device attempting to communicate with the access point.
  • Page 226: EAP Authentication To The Network

    The client and access point activate WEP and use the session and broadcast WEP keys for all communications during the remainder of the session.
  • Page 227: MAC Address Authentication To The Network

    MAC-address cache without sending the request to your authentication server. See the “Configuring MAC Authentication Caching” section on page 11-15 for instructions on enabling this feature. Figure 11-4 shows the authentication sequence for MAC-based authentication.
  • Page 228: Combining MAC-Based, EAP, And Open Authentication

    Using CCKM for Authenticated Clients
    Using Cisco Centralized Key Management (CCKM), authenticated client devices can roam from one access point to another without any perceptible delay during reassociation. An access point on your network provides Wireless Domain Services (WDS) and creates a cache of security credentials for CCKM-enabled client devices on the subnet.
  • Page 229: Using WPA Key Management

    802.11 cipher negotiation phase. In this scenario, the client device is disassociated from the wireless LAN. See the “Assigning Authentication Types to an SSID” section on page 11-10 for instructions on configuring WPA key management on your access point.
  • Page 230: Software And Firmware Requirements For WPA, CCKM, CKIP, And WPA-TKIP

    Software and Firmware Requirements for WPA, CCKM, CKIP, and WPA-TKIP
    Table 11-1 lists the firmware and software required on access points and Cisco Aironet client devices to support WPA and CCKM key management and CKIP and WPA-TKIP encryption protocols.
  • Page 231 Refer to the Cisco Aironet 340, 350, and CB20A Wireless LAN Client Adapters Installation and Configuration Guide for Windows for complete instructions on configuring security settings on Cisco Aironet client devices. Click this URL to browse to the Cisco Aironet 340, 350, and CB20A Wireless LAN Client Adapters Installation and Configuration Guide for Windows: http://www.cisco.com/en/US/products/hw/wireless/ps4555/products_installation_and_configuration_g...
  • Page 232: Configuring Authentication Types

    The following characters are invalid and cannot be used in an SSID:
    • Plus sign (+)
    • Right bracket (])
    • Front slash (/)
    • Quotation mark (")
    • Trailing spaces
  • Page 233 MAC address authentication. For list-name, specify the authentication method list.
    • (Optional) Set the SSID’s authentication type to shared key with EAP authentication. For list-name, specify the authentication method list.
  • Page 234 Chapter 12, “Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection Services,” for detailed instructions on setting up your wireless LAN to use CCKM and a subnet context manager.
  • Page 235: Configuring WPA Migration Mode

    3 size 128 12345678901234567890123456 transmit-key
    ap1200(config-ssid)# authentication open
    ap1200(config-ssid)# authentication network-eap adam
    ap1200(config-ssid)# authentication key-management wpa optional
    ap1200(config-ssid)# wpa-psk ascii batmobile65
    ap1200(config)# interface dot11radio 0
    ap1200(config-if)# ssid migrate
    ap1200(config-ssid)# end
  • Page 236: Configuring Additional WPA Settings

    The 5-GHz radio and the 5-GHz 802.11n radio is 1.
    Step 5 ssid ssid-string Enter the SSID defined in Step 2 to assign the SSID to the selected radio interface.
  • Page 237: Configuring MAC Authentication Caching

    [address] clear specific clients from the cache.
    Step 6 Return to privileged EXEC mode.
    Step 7 copy running-config startup-config (Optional) Save your entries in the configuration file.
  • Page 238: Configuring Authentication Holdoffs, Timeouts, And Intervals

    Enter interface configuration mode for the radio interface. The 2.4-GHz radio and the 2.4-GHz 802.11n radio is 0. The 5-GHz radio and the 5-GHz 802.11n radio is 1.
  • Page 239: Creating And Applying EAP Method Profiles For The 802.1X Supplicant

    Note: The 802.1X supplicant is available on 1130AG, 1240AG, 1250 and 1300 series access points. It is not available on 1100 and 1200 series access points.
    See Creating a Credentials Profile, page 4-29 for additional information about the 802.1X supplicant.
  • Page 240: Creating An EAP Method Profile

    You can also use interface fa0 to enter the fast Ethernet configuration mode.
    Step 3 dot1x eap profile profile Enter the profile preconfigured profile name.
    Step 4 Exit the interface configuration mode.
  • Page 241: Applying An EAP Profile To An Uplink SSID

    Open authentication with EAP. To allow both Cisco Aironet clients using LEAP and non-Cisco Aironet clients using LEAP to associate using the same SSID, you might need to configure the SSID for both Network EAP authentication and Open authentication with EAP.
  • Page 242 Note: To allow both WPA and non-WPA clients to use the SSID, enable optional WPA.
    both WPA and non-WPA access points, enable Allow Association to both WPA and non-WPA authenticators.
  • Page 243 Set up and enable WEP and enable EAP and Open Authentication for the SSID
    to configure card control using IEEE 802.1X and Smart Card or other Certificate as the EAP Type
  • Page 244 Type SSID 1. Some non-Cisco Aironet client adapters do not perform 802.1X authentication to the access point unless you configure Open authentication with EAP. To allow both Cisco Aironet clients using LEAP and non-Cisco Aironet clients using LEAP to associate using the same SSID, you might need to configure the SSID for both Network EAP authentication and Open authentication with EAP.
  • Page 245: Services

    • Configuring WLSM Failover, page 12-32
    For instructions on configuring WDS on a switch’s Wireless LAN Services Module (WLSM), refer to the Catalyst 6500 Series Wireless LAN Services Module Installation and Configuration Note.
  • Page 246: Understanding WDS

    Participating Access Points Supported by WDS Devices Unit Configured as WDS Device Participating Access Points Supported Access point that also serves client devices Access point with radio interfaces disabled
  • Page 247: Role Of Access Points Using The WDS Device

    During normal operation, LEAP-enabled client devices mutually authenticate with a new access point by performing a complete LEAP authentication, including communication with the main RADIUS server, as in Figure 12-1.
  • Page 248 When you configure your wireless LAN for fast, secure roaming, however, LEAP-enabled client devices roam from one access point to another without involving the main RADIUS server. Using Cisco Centralized Key Management (CCKM), a device configured to provide Wireless Domain Services (WDS) takes the place of the RADIUS server and authenticates the client so quickly that there is no perceptible delay in voice or other time-sensitive applications.
  • Page 249: Understanding Radio Management

    For instructions on configuring WDS on a switch equipped with a Wireless LAN Services Module (WLSM), refer to the Cisco Catalyst 6500 Series Wireless LAN Services Module (WLSM) Deployment Guide. The Layer 3 mobility wireless LAN solution consists of these hardware and software components: •...
  • Page 250: Understanding Wireless Intrusion Detection Services

    Understanding Wireless Intrusion Detection Services
    When you implement Wireless Intrusion Detection Services (WIDS) on your wireless LAN, your access points, WLSE, and an optional (non-Cisco) WIDS engine work together to detect and prevent attacks on your wireless LAN infrastructure and associated client devices.
  • Page 251: Configuring WDS

    • Requirements for WDS, page 12-8
    • Configuration Overview, page 12-8
    • Configuring Access Points as Potential WDS Devices, page 12-9
    • Configuring Access Points to use the WDS Device, page 12-14
  • Page 252: Guidelines For WDS

    WDS device. For instructions on configuring WDS on a switch equipped with a Wireless LAN Services Module (WLSM), refer to the Cisco Catalyst 6500 Series Wireless LAN Services Module (WLSM) Deployment Guide.
  • Page 253: Configuring Access Points As Potential WDS Devices

    EAP on the access point.
    Note: You cannot configure a 350 series access point as your main WDS device. However, you can configure 350 series access points to participate in WDS.
  • Page 254 Step 3 page. Figure 12-6 shows the General Setup page.
    Figure 12-6 WDS/WNM General Setup Page
    Step 4 Check the Use this AP as Wireless Domain Services check box.
  • Page 255 WLSE device.
    Step 8 Click Apply.
    Step 9 Click Server Groups to browse to the WDS Server Groups page. Figure 12-7 shows the WDS Server Groups page.
  • Page 256 Chapter 9, “Configuring an Access Point as a Local Authenticator,” for configuration instructions.
    Step 12 (Optional) Select backup servers from the Priority 2 and 3 drop-down menus.
    Step 13 Click Apply.
  • Page 257: CLI Configuration Example

    In this example, infrastructure devices are authenticated using server group infra_devices; client devices using SSIDs fred or ginger are authenticated using server group client_devices. For complete descriptions of the commands used in this example, consult the Cisco IOS Command Reference for Cisco Aironet Access Points and Bridges.
  • Page 258: Configuring Access Points To Use The WDS Device

    Step 6 In the Password field, enter a password for the access point, and enter the password again in the Confirm Password field. This password must match the password that you create for the access point on your authentication server.
    Step 7 Click Apply.
  • Page 259: CLI Configuration Example

    On your server, you must configure usernames and passwords for the access points and a username and password for the WDS device. If your server runs Cisco ACS, follow these steps to configure the access points on your server:
    Step 1 Log into Cisco Secure ACS and click Network Configuration to browse to the Network Configuration page....
  • Page 260 Figure 12-9 Network Configuration Page
    Step 2 Click Add Entry under the AAA Clients table. The Add AAA Client page appears. Figure 12-10 shows the Add AAA Client page.
  • Page 261 In the AAA Client IP Address field, enter the IP address of the WDS device. Step 5 In the Key field, enter exactly the same password that is configured on the WDS device. From the Authenticate Using drop-down menu, select RADIUS (Cisco Aironet). Step 6 Click Submit.
  • Page 262 Step 10 Click Add/Edit. Step 11 Scroll down to the User Setup box. Figure 12-12 shows the User Setup box. Step 12 Figure 12-12 ACS User Setup Box
  • Page 263: Configuring WDS Only Mode

    The access point and WDS associate directly to wireless clients. In this mode, the WDS supports 30 infrastructure access points and 600 clients in addition to 20 direct wireless client associations.
  • Page 264: Viewing WDS Information

    WDS device’s IP address, MAC address, and priority. If the state is WDS-only, the command displays the device’s MAC address, IP address, interface state, access point count, and mobile node count.
  • Page 265: Using Debug Messages

    • An authentication server (or an access point, ISR, or switch configured as a local authenticator)
    • Cisco Aironet client devices, or Cisco-compatible client devices that comply with Cisco Compatible Extensions (CCX) version 2 or later
    For instructions on configuring WDS, refer to the “Configuring WDS”...
  • Page 266: Configuring Access Points To Support Fast Secure Roaming

    Step 3 Select CKIP + CMIC from the Cipher drop-down menu.
    Step 4 Click Apply.
    Step 5 Browse to the Global SSID Manager page. Figure 12-15 shows the top sections of the Global SSID Manager page.
  • Page 267 If your access point contains multiple radio interfaces, select the interfaces on which the SSID applies. Select Network EAP under Authentication Settings. When you enable CCKM, you must enable Network EAP as the authentication type.
  • Page 268: CLI Configuration Example

    2.4-GHz radio interface, and the SSID fastroam is enabled on the 2.4-GHz radio interface. For complete descriptions of the commands used in this example, consult the Cisco IOS Command Reference for Cisco Aironet Access Points and Bridges.
  • Page 269: Overview

    CCXv5 capable. By default, Client MFP is optional for a particular SSID on the access point, and can be enabled or disabled using the CLI in SSID configuration mode.
  • Page 270: Configuring Client MFP

    MIC, causing any receiving access point that is configured to detect (validate) MFP frames to report the discrepancy. The access point must be a member of a WDS.
  • Page 271
    Step 3 Return to the privileged EXEC mode.
    Step 4 copy running-config startup-config (Optional) Save your entries in the configuration file.
  • Page 272: Configuring Radio Management

    Step 2 Click WDS to browse to the General Setup page.
    Step 3 On the WDS/WNM Summary page, click Settings to browse to the General Setup page. Figure 12-17 shows the General Setup page.
  • Page 273: CLI Configuration Example

    In this example, the WDS access point is enabled to interact with a WLSE device with the IP address 192.250.0.5. For complete descriptions of the commands used in this example, consult the Cisco IOS Command Reference for Cisco Aironet Access Points and Bridges.
  • Page 274: Configuring Access Points To Participate In WIDS

    Note: If your access point contains two radios, both radios must be configured for scanner mode before you can configure monitor mode on the interfaces.
  • Page 275: Displaying Monitor Mode Statistics

    Total No. of captured frames forwarded : 23179
    Total No. of captured frames forward failed : 0
    Use the clear wlccp ap rm statistics command to clear the monitor mode statistics.
  • Page 276: Configuring Monitor Mode Limits

    SUP continue to be connected to the SUP and won’t notice any interruption in service. When an access point detects a WLSM failure, it doesn’t tear down the active...
  • Page 277: Active/Standby WLSM Failover

    WLSM becomes active and takes over the control traffic for existing and new access point clients without interrupting data traffic. This feature, in addition to resilient tunnel recovery, provides near-hot standby in case of WLSM failure.
  • Page 279: Configuring RADIUS And TACACS+ Servers

    “Configuring Authentication Types,” for detailed instructions on configuring your access point as a local authenticator.
    Note: For complete syntax and usage information for the commands used in this chapter, refer to the Cisco IOS Security Command Reference for Release 12.2.
  • Page 280: Understanding RADIUS

    • Switch-to-switch or router-to-router situations. RADIUS does not provide two-way authentication. RADIUS can be used to authenticate from one device to a non-Cisco device if the non-Cisco device requires authentication.
    • Networks using a variety of services. RADIUS generally binds a user to one service model.
  • Page 281: Configuring RADIUS

    RADIUS server software and define the method lists for RADIUS authentication. You can optionally define method lists for RADIUS authorization and accounting.
  • Page 282: Default RADIUS Configuration

    Access point-to-RADIUS-server communication involves several components:
    • Host name or IP address
    • Authentication destination port
    • Accounting destination port
    • Key string
    • Timeout period
    • Retransmission value
  • Page 283 RADIUS hosts providing a specific AAA service. This unique identifier enables RADIUS requests to be sent to multiple UDP ports on a server at the same IP address.
    Note: For Cisco IOS Releases 12.2(8)JA and later, the access point uses a randomly chosen UDP source port number in the range of 21645 to 21844 for communication with RADIUS servers.
  • Page 284 Enter SSID configuration mode for an SSID on which you need to enable accounting. The SSID can consist of up to 32 alphanumeric characters. SSIDs are case sensitive.
  • Page 285: Configuring RADIUS Login Authentication

    The software uses the first method listed to authenticate users; if that method fails to respond, the software selects the next authentication method in...
  • Page 286
    Step 7 Return to privileged EXEC mode.
    Step 8 show running-config Verify your entries.
    Step 9 copy running-config startup-config (Optional) Save your entries in the configuration file.
  • Page 287: Defining AAA Server Groups

    Beginning in privileged EXEC mode, follow these steps to define the AAA server group and associate a particular RADIUS server with it:
    Command Purpose
    Step 1 configure terminal Enter global configuration mode.
    Step 2 aaa new-model Enable AAA.
  • Page 288
    Step 8 copy running-config startup-config (Optional) Save your entries in the configuration file.
    Step 9 Enable RADIUS login authentication. See the “Configuring RADIUS Login Authentication” section on page 13-7.
  • Page 289: Configuring Radius Authorization For User Privileged Access And Network Services

    • Use the local database if authentication was not performed by using RADIUS. Note: Authorization is bypassed for authenticated users who log in through the CLI even if authorization has been configured.
  • Page 290: Configuring Packet Of Disconnect

    Note: The access point does not block subsequent attempts by the client to reassociate. It is the responsibility of the security administrator to disable the client account before issuing a PoD request.
  • Page 291: Starting Radius Accounting M

    Note disassociation request to the parent access point and then purges the session from its own internal tables. Note: PoD is supported on the Cisco CNS Access Registrar (CAR) RADIUS server, but not on the Cisco Secure ACS Server, v4.0 and earlier.
  • Page 292: Selecting The Csid Format

    To return to the default CSID format, use the no form of the dot11 aaa csid command, or enter dot11 aaa csid default. Note: You can also use the wlccp wds aaa csid command to select the CSID format.
  • Page 293: Configuring Settings For All Radius Servers

    Step 5: radius-server deadtime minutes - Use this command to cause the Cisco IOS software to mark as “dead” any RADIUS servers that fail to respond to authentication requests, thus avoiding the wait for the request to time out before trying the next configured server.
  • Page 294: Configuring The Access Point To Use Vendor-Specific Radius Attributes

    The Cisco RADIUS implementation supports one vendor-specific option by using the format recommended in the specification. Cisco’s vendor ID is 9, and the supported option has vendor type 1, which is named cisco-avpair. The value is a string with this format: protocol : attribute sep value * Protocol is a value of the Cisco protocol attribute for a particular type of authorization.
  • Page 295: Configuring The Access Point For Vendor-Proprietary Radius Server Communication

    Although an IETF draft standard for RADIUS specifies a method for communicating vendor-proprietary information between the access point and the RADIUS server, some vendors have extended the RADIUS attribute set in a unique way. Cisco IOS software supports a subset of vendor-proprietary RADIUS attributes.
  • Page 296: Configuring Wispr Radius Attributes

    You can find a list of ISO and ITU country and area codes at the ISO and ITU websites. Cisco IOS software does not check the validity of the country and area codes that you configure on the access point.
  • Page 297: Displaying The Radius Configuration

    To display the RADIUS configuration, use the show running-config privileged EXEC command. Note: When DNS is configured on the access point, the show running-config command sometimes displays a server’s IP address instead of its name.
  • Page 298: Radius Attributes Sent By The Access Point

    Description: Class, Session-Timeout, Tunnel-Type, Tunnel-Medium-Type, EAP-Message, Message-Authenticator, Tunnel-Private-Group-ID, VSA (attribute 26) LEAP session-key, VSA (attribute 26) Auth-Algo-Type, VSA (attribute 26) SSID. 1. RFC2868; defines a VLAN override number.
  • Page 299 Acct-Session-Time, Acct-Input-Packets, Acct-Output-Packets, NAS-Port-Type, VSA (attribute 26) SSID, VSA (attribute 26) NAS-Location, VSA (attribute 26) VLAN-ID, VSA (attribute 26) Connect-Progress, VSA (attribute 26) Cisco-NAS-Port, VSA (attribute 26) Interface
  • Page 300 Microsoft IAS servers recognize reauthentication requests from the access point. Use the dot11 aaa authentication attributes service-type login-only global configuration command to set the service-type attribute in reauthentication requests to login-only.
  • Page 301: Configuring And Enabling Tacacs

    TACACS+ daemon are encrypted. You need a system running the TACACS+ daemon software to use TACACS+ on your access point.
  • Page 302: Tacacs+ Operation

    This process continues until there is successful communication with a listed method or the method list is exhausted.
  • Page 303: Default Tacacs+ Configuration

    Step 4: aaa group server tacacs+ group-name - (Optional) Define the AAA server-group with a group name. This command puts the access point in a server group subconfiguration mode.
  • Page 304: Configuring Tacacs+ Login Authentication

    Beginning in privileged EXEC mode, follow these steps to configure login authentication: (Command - Purpose) Step 1: configure terminal - Enter global configuration mode. Step 2: aaa new-model - Enable AAA.
  • Page 305: Configuring Tacacs+ Authorization For Privileged Exec Access And Network Services

    You can use the aaa authorization global configuration command with the tacacs+ keyword to set parameters that restrict an administrator’s network access to privileged EXEC mode.
  • Page 306: Starting Tacacs+ Accounting

    (AV) pairs and is stored on the security server. This data can then be analyzed for network management, client billing, or auditing. Beginning in privileged EXEC mode, follow these steps to enable TACACS+ accounting for each Cisco IOS privilege level and for network services:...
  • Page 307: Displaying The Tacacs+ Configuration

    To disable accounting, use the no aaa accounting {network | exec} {start-stop} method1... global configuration command. Displaying the TACACS+ Configuration: To display TACACS+ server statistics, use the show tacacs privileged EXEC command.
  • Page 308 Chapter 13 Configuring RADIUS and TACACS+ Servers Configuring and Enabling TACACS+
  • Page 309: Configuring Vlans

    LAN in the following sections. These sections describe how to configure your access point to support VLANs: • Understanding VLANs, page 14-2 • Configuring VLANs, page 14-4 • VLAN Configuration Example, page 14-10
  • Page 310: Understanding Vlans

    You can eliminate the excessive messages on the switch by disabling the keepalive function. Figure 14-1 shows the difference between traditional physical LAN segmentation and logical VLAN segmentation with wireless devices connected.
  • Page 311: Related Documents

    SSID 3 = VLAN 3 Related Documents These documents provide more detailed information pertaining to VLAN design and configuration: • Cisco IOS Switching Services Configuration Guide. Click this link to browse to this document: http://www.cisco.com/en/US/docs/ios/12_3/featlist/swit_vcg.html • Cisco Internetwork Design Guide. Click this link to browse to this document:...
  • Page 312: Incorporating Wireless Devices Into Vlans

    • Assigning Names to VLANs, page 14-7 • Using a RADIUS Server to Assign Users to VLANs, page 14-8 • Viewing VLANs Configured on the Access Point, page 14-9
  • Page 313: Configuring A Vlan

    Enter interface configuration mode for the radio interface. The 2.4-GHz radio and the 2.4-GHz 802.11n radio is 0. The 5-GHz radio and the 5-GHz 802.11n radio is 1.
  • Page 314 Enable a VLAN on the Ethernet interface. [native] (Optional) Designate the VLAN as the native VLAN. On many networks, the native VLAN is VLAN 1.
  • Page 315: Assigning Names To Vlans

    • you can assign the same VLAN name to a different VLAN ID. Note: If clients on your wireless LAN require seamless roaming, Cisco recommends that you assign the same VLAN name to the same VLAN ID across all access points, or that you use only VLAN IDs without names.
  • Page 316: Creating A Vlan Name

    • IETF 64 (Tunnel Type): Set this attribute to VLAN • IETF 65 (Tunnel Medium Type): Set this attribute to 802 • IETF 81 (Tunnel Private Group ID): Set this attribute to vlan-id
  • Page 317: Using A Radius Server For Dynamic Mobility Group Assignment

    This is sample output from a show vlan command: Virtual LAN ID: 1 (IEEE 802.1Q Encapsulation) vLAN Trunk Interfaces: Dot11Radio0 FastEthernet0 Virtual-Dot11Radio0 This is configured as native Vlan for the following interface(s) : Dot11Radio0 FastEthernet0
  • Page 318: Vlan Configuration Example

    Faculty access—Medium level of access; users can access school’s Intranet and Internet, access internal files, access student databases, and view internal information such as human resources, payroll, and other faculty-related material. Faculty users are required to authenticate using Cisco LEAP.
  • Page 319 VLAN. This bridge group is moved to the native subinterface automatically to maintain the link to BVI 1, which represents both the radio and Ethernet interfaces.
  • Page 320 2 unicast-flooding bridge-group 2 spanning-disabled When you configure a bridge group on the FastEthernet interface, these commands are set automatically: no bridge-group 2 source-learning bridge-group 2 spanning-disabled
  • Page 321: Configuring Qos

    It sends the packets without any assurance of reliability, delay bounds, or throughput. Note: For complete syntax and usage information for the commands used in this chapter, refer to the Cisco IOS Command Reference for Cisco Aironet Access Points and Bridges for this release.
  • Page 322: Understanding Qos For Wireless Lans

    • They support Spectralink phones using the class-map IP protocol clause with the protocol value set to 119. To contrast the wireless LAN QoS implementation with the QoS implementation on other Cisco network devices, see the Cisco IOS Quality of Service Solutions Configuration Guide at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fqos_c/index.htm Impact of QoS on a Wireless LAN: Wireless LAN QoS features are a subset of the proposed 802.11e draft.
  • Page 323: Precedence Of Qos Settings

    You can use the Cisco IOS dot11 phone dot11e command to enable the future upgrade of the 7920 Wireless Phone firmware to support the standard QBSS Load IE. The new 7920 Wireless Phone firmware will be announced at a later date.
  • Page 324: Using Wi-Fi Multimedia Mode

    Use the no dot11 qos mode wmm configuration interface command to disable WMM using the CLI. To disable WMM using the web-browser interface, unselect the check boxes for the radio interfaces on the QoS Advanced page. Figure 15-3 shows the QoS Advanced page.
  • Page 325: Configuring Qos

    Configuring QoS Using the Web-Browser Interface This section describes configuring QoS using the web-browser interface. For a list of Cisco IOS commands for configuring QoS using the CLI, consult the Cisco IOS Command Reference for Cisco Aironet Access Points and Bridges.
  • Page 326 Note: You can also select two preconfigured QoS policies: WMM and Spectralink. When you select either of these, a set of default classifications are automatically populated in the Classification field.
  • Page 327 • Assured Forwarding — Class 3 High • Assured Forwarding — Class 4 Low • Assured Forwarding — Class 4 Medium • Assured Forwarding — Class 4 High
  • Page 328 Ethernet and radio ports. If VLANs are configured on the access point, drop-down menus for each VLAN’s virtual ports appear in this section. If VLANs are not configured on the access point, drop-down menus for each interface appear.
  • Page 329: The Qos Policies Advanced Page

    QoS. This setting operates independently from the QoS policies that you configure. Select dot11e to use the latest version of QBSS Load IE. If you leave this selection blank, the previous version QBSS Load IE is used.
  • Page 330: Igmp Snooping

    AVVID Priority Mapping AVVID priority mapping maps Ethernet packets tagged as class of service 5 to class of service 6. This feature enables the access point to apply the correct priority to voice packets for compatibility with Cisco AVVID networks.
  • Page 331 Voice <100ms Latency 1504 Figure 15-4 shows the Radio Access Categories page. Dual-radio access points have a Radio Access Categories page for each radio. Figure 15-4 Radio Access Categories Page
  • Page 332: Configuring Nominal Rates

    Aironet Access Points and Bridges, which is available at cisco.com at the following URL: http://www.cisco.com/en/US/docs/wireless/access_point/12.4_10b_JA/command/reference/cr12410b-chap2.html#wp3257080 Note: The above rates work fine for Cisco phones. Third-party wireless phones may have a different nominal rate or minimum PHY rate. You may need to enable additional nominal rates for these phones.
  • Page 333 Enabling Admission Control This section describes how to enable admission control on an SSID. For a list of Cisco IOS commands for enabling admission control using the CLI, consult the Cisco IOS Command Reference for Cisco Aironet Access Points and Bridges.
  • Page 334: Qos Configuration Examples

    Spectralink phones (protocol 119 packets). The user applies the voice_policy to the incoming and outgoing radio ports and to the outgoing Ethernet port. Figure 15-5 shows the administrator’s QoS Policies page.
  • Page 335: Giving Priority To Video Traffic

    The user applies the video_policy to the incoming and outgoing radio ports and to the outgoing Ethernet port. Figure 15-6 shows the administrator’s QoS Policies page.
  • Page 336 Chapter 15 Configuring QoS QoS Configuration Examples Figure 15-6 QoS Policies Page for Video Example
  • Page 337 This chapter describes how to configure Cisco Discovery Protocol (CDP) on your access point. Note: For complete syntax and usage information for the commands used in this chapter, refer to the Cisco Aironet IOS Command Reference for Access Points and Bridges for this release and the Cisco IOS Configuration Fundamentals Command Reference for Release 12.2.
  • Page 338 CDP is sent on the lowest VLAN number configured on the access point. When more than one VLAN is used in a wireless network, Cisco recommends that the lowest VLAN number configured be used as the native VLAN...
  • Page 339 Beginning in privileged EXEC mode, follow these steps to enable CDP: (Command - Purpose) Step 1: configure terminal - Enter global configuration mode. Step 2: cdp run - Enable CDP after disabling it. Step 3: Return to privileged EXEC mode.
  • Page 340 To monitor and maintain CDP on your device, perform one or more of these tasks, beginning in privileged EXEC mode. (Command - Description) clear cdp counters - Reset the traffic counters to zero. clear cdp table - Delete the CDP table of information about neighbors.
  • Page 341 Copyright (c) 1986-2001 by cisco Systems, Inc. Compiled Fri 06-Jul-01 18:18 by jang advertisement version: 2 Protocol Hello: OUI=0x00000C, Protocol ID=0x0112; payload len=27, value=0000000 0FFFFFFFF010221FF00000000000000024B293A00FF0000 VTP Management Domain: '' Duplex: full -------------------------
  • Page 342 Sending CDP packets every 60 seconds Holdtime is 180 seconds GigabitEthernet0/8 is up, line protocol is down Encapsulation ARPA Sending CDP packets every 60 seconds Holdtime is 180 seconds
  • Page 343 Hdr syntax: 0, Chksum error: 0, Encaps failed: 0 No memory: 0, Invalid packet: 0, Fragmented: 0 CDP version 1 advertisements output: 0, Input: 0 CDP version 2 advertisements output: 50882, Input: 52510
  • Page 344 Chapter 17 Configuring CDP Monitoring and Maintaining CDP
  • Page 345: Configuring Filters

    This chapter contains these sections: • Understanding Filters, page 16-2 • Configuring Filters Using the CLI, page 16-2 • Configuring Filters Using the Web-Browser Interface, page 16-3
  • Page 346: Understanding Filters

    To configure filters using CLI commands, you use access control lists (ACLs) and bridge groups. You can find explanations of these concepts and instructions for implementing them in these documents: • Cisco IOS Bridging and IBM Networking Configuration Guide, Release 12.4. Click this link to...
  • Page 347: Configuring Filters Using The Web-Browser Interface

    If you accidentally lock yourself out of your access point, use the CLI to disable the filters. Use the MAC Address Filters page to create MAC address filters for the access point. Figure 16-1 shows the MAC Address Filters page.
  • Page 348: Creating A Mac Address Filter

    (0005.9a39.2110, for example). Note: To make sure the filter operates properly, use lower case for all the letters in the MAC addresses that you enter.
  • Page 349 Step 12: both the Ethernet and radio ports, and to either or both incoming and outgoing packets. Step 13: Click Apply. The filter is enabled on the selected ports.
  • Page 350: Using Mac Address Acls To Block Or Allow Client Association To The Access Point

    Figure 16-3 shows the Security Summary page. Step 2 Figure 16-3 Security Summary Page
  • Page 351 Step 4: Click the Association Access List tab to browse to the Association Access List page. Figure 16-5 shows the Association Access List page. Figure 16-5 Association Access List Page. Step 5: Select your MAC address ACL from the drop-down menu.
  • Page 352: Creating A Time-Based Acl

    It also permits a Telnet session to the AP on weekdays. Step 7: Apply the time-based ACL to the Ethernet interface: interface Ethernet0/0 ip address 10.1.1.1 255.255.255.0 ip access-group 101 in
  • Page 353: Acl Logging

    In this example, only client devices with MAC addresses listed in access list 777 are allowed to associate to the access point. The access point blocks associations from all other MAC addresses. For complete descriptions of the commands used in this example, consult the Cisco IOS Command Reference for Cisco Aironet Access Points and Bridges.
  • Page 354 Click Services in the page navigation bar. In the Services page list, click Filters. On the Apply Filters page, click the IP Filters tab at the top of the page.
  • Page 355: Creating An Ip Filter

    Step 14: Click Add. The protocol appears in the Filters Classes field. To remove the protocol from the Filters Classes list, select it and click Delete Class. Repeat Step 12 to Step 14 to add protocols to the filter.
  • Page 356: Configuring And Enabling Ethertype Filters

    You can apply the filters you create to either or both the Ethernet and radio ports and to either or both incoming and outgoing packets. Use the Ethertype Filters page to create Ethertype filters for the access point. Figure 16-8 shows the Ethertype Filters page.
  • Page 357: Creating An Ethertype Filter

    Step 5: Enter the mask for the Ethertype in the Mask field. If you enter 0, the mask requires an exact match of the Ethertype. Step 6: Select Forward or Block from the Action menu.
  • Page 358 Ethernet and radio ports, and to either or both incoming and outgoing packets. Step 12: Click Apply. The filter is enabled on the selected ports.
  • Page 359: Configuring Snmp

    This chapter describes how to configure the Simple Network Management Protocol (SNMP) on your access point. Note: For complete syntax and usage information for the commands used in this chapter, refer to the Cisco IOS Command Reference for Cisco Aironet Access Points and Bridges for this release and to the Cisco IOS Configuration Fundamentals Command Reference for Release 12.3.
  • Page 360: Understanding Snmp

    An agent can communicate with multiple managers; therefore, you can configure the software to support communications with one management station using the SNMPv3 protocol and another using the SNMPv2 or SNMPv1 protocol.
  • Page 361: Snmp Manager Functions

    1. With this operation, an SNMP manager does not need to know the exact variable name. A sequential search is performed to find the needed variable from within a table. 2. The get-bulk command works only with SNMPv2.
  • Page 362: Snmp Agent Functions

    [Figure: SNMP Network, showing the SNMP manager sending get-request, get-next-request, get-bulk, and set-request to the SNMP agent on the network device, which returns get-response and traps] For information on supported MIBs and how to access them, see Appendix B, “Supported MIBs.”
  • Page 363: Default Snmp Configuration

    You can also enable SNMP on the SNMP Properties page on the web-browser interface. When you enable SNMP on the web-browser interface, the access point automatically creates a community string called public with read-only access to the IEEE802dot11 MIB.
  • Page 364: Configuring Community Strings

    • Read and write or read-only permission for the MIB objects accessible to the community. Note: In the current Cisco IOS MIB agent implementation, the default community string is for the Internet MIB object sub-tree. Because IEEE802dot11 is under another branch of the MIB object tree, you must enable either a separate community string and view on the IEEE802dot11 MIB or a common view and community string on the ISO object in the MIB object tree.
  • Page 365: Specifying Snmp-Server Group Names

    [groupname {v1 | v2c | v3 [auth | noauth | priv]}][read readview] [write writeview] [notify notifyview] [access access-list] - Configures a new SNMP group, or a table that maps SNMP users to SNMP views.
  • Page 366: Configuring Snmp-Server Hosts

    By default, no trap manager is defined, and no traps are issued. Access points running this Cisco IOS release can have an unlimited number of trap managers. Community strings can be any length.
  • Page 367 Table 18-4 on page 18-8. To enable multiple types of traps, you must issue a separate snmp-server enable traps command for each trap type. Step 4: Return to privileged EXEC mode.
  • Page 368: Setting The Agent Contact And Location Information

    SNMP manager to access all objects with read-only permissions using the community string public. This configuration does not cause the access point to send any traps. AP(config)# snmp-server community public
  • Page 369 AP(config)# snmp-server enable traps entity AP(config)# snmp-server host cisco.com restricted entity This example shows how to enable the access point to send all traps to the host myhost.cisco.com using the community string public: AP(config)# snmp-server enable traps AP(config)# snmp-server host myhost.cisco.com public...
  • Page 370: Displaying Snmp Status

    To display SNMP input and output statistics, including the number of illegal community string entries, errors, and requested variables, use the show snmp privileged EXEC command. For information about the fields in this display, refer to the Cisco IOS Configuration Fundamentals Command Reference for Release 12.3.
  • Page 371: Configuring Repeater And Standby Access Points And Workgroup Bridge Mode

    • Configuring a Hot Standby Access Point, page 19-9 • Understanding Workgroup Bridge Mode, page 19-13 • Configuring Workgroup Bridge Mode, page 19-16 • The Workgroup Bridge in a Lightweight Environment, page 19-18
  • Page 372: Understanding Repeater Access Points

    Aironet extensions, which are enabled by default, improve the access point's ability to understand the capabilities of Cisco Aironet client devices associated with the access point. Disabling Aironet extensions sometimes improves the interoperability between the access point and non-Cisco client devices.
  • Page 373: Configuring A Repeater Access Point

    • Aligning Antennas, page 19-6 • Setting Up a Repeater As a LEAP Client, page 19-7 • Setting Up a Repeater As a WPA Client, page 19-8
  • Page 374: Default Configuration

    LAN, but they drastically reduce throughput. • Use repeaters when most if not all client devices that associate with the repeaters are Cisco Aironet clients. Non-Cisco client devices sometimes have trouble communicating with repeater access points.
  • Page 375: Setting Up A Repeater

    Enter a timeout value from 0 to 65535 seconds. Step 9: Return to privileged EXEC mode. Step 10: copy running-config startup-config - (Optional) Save your entries in the configuration file.
  • Page 376: Aligning Antennas

    7/8 of a second and off for 1/8 of a second) when it is associated with the root access point but the repeater has no client devices associated to it.
  • Page 377: Setting Up A Repeater As A Leap Client

    You can set up a repeater access point to authenticate to your network like other wireless client devices. After you provide a network username and password for the repeater access point, it authenticates to your network using LEAP, Cisco's wireless authentication method, and receives and uses dynamic WEP keys.
  • Page 378: Setting Up A Repeater As A Wpa Client

    8 to 63 ASCII characters, and the access point expands the key for you. Step 8: Return to privileged EXEC mode. Step 9: copy running-config startup-config - (Optional) Save your entries in the configuration file.
  • Page 379: Understanding Hot Standby

    • Data rates • WEP settings • Authentication types and authentication servers Check the monitored access point and record these settings before you set up the standby access point.
  • Page 380 SSID unless you also enter the optional keyword.
  • Page 381 If the access point is not in standby mode, no iapp standby mac-address appears. Step 12: Return to privileged EXEC mode. Step 13: copy running-config startup-config - (Optional) Save your entries in the configuration file.
  • Page 382: Verifying Standby Operation

    If a standby access point takes over for the monitored access point, you can use the show iapp statistics command to help determine the reason that the standby access point took over.
  • Page 383: Understanding Workgroup Bridge Mode

    Note: Although it functions as a bridge, an access point in workgroup bridge mode has a limited radio range. Workgroup bridges do not support the distance setting, which enables you to configure wireless bridges to communicate across several kilometers.
  • Page 384: Treating Workgroup Bridges As Infrastructure Devices Or As Client Devices

    SSID that is not an infrastructure SSID. The performance cost of reliable multicast delivery—duplication of each multicast packet sent to each workgroup bridge—limits the number of infrastructure devices, including workgroup...
  • Page 385: Configuring A Workgroup Bridge For Roaming

    Channels are added to the known channel list only if they are also a part of the limited channel set.
  • Page 386: Ignoring The CCX Neighbor List

    Beginning in privileged EXEC mode, follow these steps to configure an access point as a workgroup bridge: Command Purpose Step 1 configure terminal Enter global configuration mode. Step 2 interface dot11radio {0 | 1} Enter interface configuration mode for the radio interface.
  • Page 387 Step 12 Return to privileged EXEC mode. Step 13 copy running-config startup-config (Optional) Save your entries in the configuration file.
  • Page 388: The Workgroup Bridge In A Lightweight Environment

    If the lightweight access point fails, the workgroup bridge attempts to associate to another access point. Note Guidelines for Using Workgroup Bridges in a Lightweight Environment Follow these guidelines for using workgroup bridges on your lightweight network:
  • Page 389 The workgroup bridge can be any autonomous access point that supports the workgroup bridge mode and is running Cisco IOS Release JA or greater (on 32-MB access points) or Cisco IOS Release 12.3(8)JEB or greater (on 16-MB access points). These access points include the AP1121, AP1130, AP1231, AP1240, AP 1250 and AP1310.
  • Page 390: Sample Workgroup Bridge Configuration

    1 and 255, and seconds is a value between 10 and 1,000,000 seconds. Cisco recommends configuring the seconds parameter to a value greater than the wired client’s idle period.
  • Page 391: Managing Firmware And Configurations

    This chapter describes how to manipulate the Flash file system, how to copy configuration files, and how to archive (upload and download) software images. Note For complete syntax and usage information for the commands used in this chapter, refer to the Cisco IOS Command Reference for Access Points and Bridges for this release and the Cisco IOS Configuration Fundamentals Command Reference for Release 12.4.
  • Page 392: Working With The Flash File System

    File Transfer Protocol (TFTP) network server. zflash:—Read-only file decompression file system, which mirrors the contents of the Flash file system.
  • Page 393: Setting The Default File System

    Step 2 cd new_configs Change to the directory of interest. The command example shows how to change to the directory named new_configs. Step 3 Display the working directory.
  • Page 394: Creating And Removing Directories

    Local writable file systems include flash:. Some invalid combinations of source and destination exist. Specifically, you cannot copy these combinations: • From a running configuration to a running configuration
  • Page 395: Deleting Files

    • For the local Flash file system, the syntax is flash:/file-url • For the File Transfer Protocol (FTP), the syntax is ftp:[[//username[:password]@location]/directory]/tar-filename.tar • For the Remote Copy Protocol (RCP), the syntax is rcp:[[//username@location]/directory]/tar-filename.tar
  • Page 396: Displaying The Contents Of A Tar File

    (219 bytes) info.ver (219 bytes) This example shows how to display only the c1200-k9w7-mx.122-8.JA/html directory and its contents: ap# archive tar /table flash:c1200-k9w7-mx.122-8.JA/html c1200-k9w7-mx.122-8.JA/html/ (directory) c1200-k9w7-mx.122-8.JA/html/foo.html (0 bytes)
  • Page 397: Extracting A Tar File

    This section describes how to create, load, and maintain configuration files. Configuration files contain commands entered to customize the function of the Cisco IOS software. To better benefit from these instructions, your access point contains a minimal default running configuration for interacting with the system software.
  • Page 398: Guidelines For Creating And Using Configuration Files

    For example, if the copied configuration file contains a different IP address in a particular command than the existing configuration, the IP address in the copied...
  • Page 399: Configuration File Types And Location

    • Preparing to Download or Upload a Configuration File by Using TFTP, page 20-10 • Downloading the Configuration File by Using TFTP, page 20-10 • Uploading the Configuration File by Using TFTP, page 20-11
  • Page 400 Specify the IP address or host name of the TFTP server and the name of the file to download. Use one of these privileged EXEC commands: • copy tftp:[[[//location]/directory]/filename] system:running-config • copy tftp:[[[//location]/directory]/filename] nvram:startup-config
  • Page 401: Copying Configuration Files By Using FTP

    The FTP protocol requires a client to send a remote username and password on each FTP request to a server. When you copy a configuration file from the access point to a server by using FTP, the Cisco IOS software sends the first valid username in this list: The username specified in the copy command if a username is specified.
  • Page 402: Preparing To Download Or Upload A Configuration File By Using FTP

    “Preparing to Download or Upload a Configuration File by Using FTP” section on page 20-12. Step 2 Log into the access point through a Telnet session.
  • Page 403 %SYS-5-CONFIG_NV:Non-volatile store configured from host2-config by ftp from 172.16.101.101 Uploading a Configuration File by Using FTP Beginning in privileged EXEC mode, follow these steps to upload a configuration file by using FTP:
  • Page 404: Copying Configuration Files By Using RCP

    RCP copy commands rely on the rsh server (or daemon) on the remote system. To copy files by using RCP, you do not need to create a server for file distribution as you do with TFTP. You only need to have...
  • Page 405: Preparing To Download Or Upload A Configuration File By Using RCP

    The RCP requires a client to send a remote username with each RCP request to a server. When you copy a configuration file from the access point to a server, the Cisco IOS software sends the first valid username in this list: The username specified in the copy command if a username is specified.
  • Page 406 Address of remote host [255.255.255.255]? 172.16.101.101 Name of configuration file[rtr2-confg]? host2-confg Configure using host2-confg from 172.16.101.101?[confirm] Connected to 172.16.101.101 Loading 1112 byte file host2-confg:![OK] [OK]
  • Page 407: Clearing Configuration Information

    Remote host[]? 172.16.101.101 Name of configuration file to write [ap2-confg]? Write file ap2-confg on host 172.16.101.101?[confirm] ![OK] Clearing Configuration Information This section describes how to clear configuration information.
  • Page 408: Deleting A Stored Configuration File

    Image Location on the Access Point The Cisco IOS image is stored in a directory that shows the version number. A subdirectory contains the HTML files needed for web management. The image is stored on the system board Flash memory (flash:).
  • Page 409: Tar File Format Of Images On A Server Or Cisco.com

    tar File Format of Images on a Server or Cisco.com Software images located on a server or downloaded from Cisco.com are provided in a tar file format, which contains these files: •...
  • Page 410: Downloading An Image File By Using TFTP

    “Preparing to Download or Upload an Image File by Using TFTP” section on page 20-19 Step 2 Log into the access point through a Telnet session.
  • Page 411 If you specify the /leave-old-sw option, the existing files are not removed. If there is not enough space to install the new image and keep the current running image, the download process stops, and an error message is displayed.
  • Page 412: Copying Image Files By Using FTP

    The archive upload-sw privileged EXEC command builds an image file on the server by uploading these files in order: info, the Cisco IOS image, the HTML files, and info.ver. After these files are uploaded, the upload algorithm creates the tar file format.
  • Page 413: Downloading An Image File By Using FTP

    The FTP protocol requires a client to send a remote username and password on each FTP request to a server. When you copy an image file from the access point to a server by using FTP, the Cisco IOS software sends the first valid username in this list: •...
  • Page 414 (Optional) Change the default remote username. Step 5 ip ftp password password (Optional) Change the default password. Step 6 Return to privileged EXEC mode.
  • Page 415 If the Flash device has sufficient space to hold two images and you want to overwrite one of these images with the same version, you must specify the /overwrite option.
  • Page 416 (see Steps 4, 5, and 6). Step 4 ip ftp username username (Optional) Change the default remote username. Step 5 ip ftp password password (Optional) Change the default password.
  • Page 417: Copying Image Files By Using RCP

    The archive upload-sw command builds an image file on the server by uploading these files in order: info, the Cisco IOS image, the HTML files, and info.ver. After these files are uploaded, the upload algorithm creates the tar file format.
  • Page 418 RCP requires a client to send a remote username on each RCP request to a server. When you copy an image from the access point to a server by using RCP, the Cisco IOS software sends the first valid username in this list: The username specified in the archive download-sw or archive upload-sw privileged EXEC •...
  • Page 419 This step is required only if you override the default remote username (see Steps 4 and 5). Step 4 ip rcmd remote-username username (Optional) Specify the remote username. Step 5 Return to privileged EXEC mode.
  • Page 420 Flash device whether or not it is the same as the new one, downloads the new image, and then reloads the software.
  • Page 421 This step is required only if you override the default remote username (see Steps 4 and 5). Step 4 ip rcmd remote-username username (Optional) Specify the remote username.
  • Page 422: Reloading The Image Using The Web Browser Interface

    The archive upload-sw privileged EXEC command builds an image file on the server by uploading these files in order: info, the Cisco IOS image, the HTML files, and info.ver. After these files are uploaded, the upload algorithm creates the tar file format.
  • Page 423: Browser TFTP Interface

    If the file is located in the TFTP root directory, enter only the filename. Step 9 Click the Upgrade button. For additional information click the Help icon on the Software Upgrade screen.
  • Page 425: Configuring System Message Logging

    This chapter describes how to configure system message logging on your access point. Note For complete syntax and usage information for the commands used in this chapter, refer to the Cisco IOS Configuration Fundamentals Command Reference for Release 12.3. This chapter consists of these sections: Understanding System Message Logging, page 21-2 •...
  • Page 426: Configuring System Message Logging

    The part of the message preceding the percent sign depends on the setting of the service sequence-numbers, service timestamps log datetime, service timestamps log datetime [localtime] [msec] [show-timezone], or service timestamps log uptime global configuration command.
  • Page 427: Default System Message Logging Configuration

    System message logging to the console: Enabled. Console severity: Debugging (and numerically lower levels; Table 21-3 on page 21-8). Logging buffer size: 4096 bytes. Logging history size: 1 message.
  • Page 428: Disabling And Enabling Message Logging

    “Enabling and Disabling Timestamps on Log Messages” section on page 21-6. To re-enable message logging after it has been disabled, use the logging on global configuration command.
  • Page 429: Setting The Message Display Destination Device

    To disable logging to the console, use the no logging console global configuration command. To disable logging to a file, use the no logging file [severity-level-number | type] global configuration command.
  • Page 430: Enabling And Disabling Timestamps On Log Messages

    Verify your entries. Step 5 copy running-config startup-config (Optional) Save your entries in the configuration file. To disable sequence numbers, use the no service sequence-numbers global configuration command.
  • Page 431: Defining The Message Severity Level

    To disable logging to syslog servers, use the no logging trap global configuration command.
  • Page 432: Limiting Syslog Messages Sent To The History Table And To Snmp

    By default, one message of the level warning and numerically lower levels (see Table 21-3 on page 21-8) are stored in the history table even if syslog traps are not enabled.
  • Page 433: Setting A Logging Rate Limit

    Return to privileged EXEC mode. Step 4 copy running-config startup-config (Optional) Save your entries in the configuration file. To disable the rate limit, use the no logging rate-limit global configuration command.
  • Page 434: Configuring UNIX Syslog Servers

    Log messages to a UNIX syslog server host by entering its IP address. To build a list of syslog servers that receive logging messages, enter this command more than once.
  • Page 435 IP address. To disable logging to syslog servers, enter the no logging trap global configuration command. Table 21-4 lists the 4.3 BSD UNIX system facilities supported by the Cisco IOS software. For more information about these facilities, consult the operator’s manual for your UNIX operating system. Table 21-4...
  • Page 436: Displaying The Logging Configuration

    To display the current logging configuration and the contents of the log buffer, use the show logging privileged EXEC command. For information about the fields in this display, refer to the Cisco IOS Configuration Fundamentals Command Reference for Release 12.2.
  • Page 437: Wireless Device Troubleshooting

    Wireless Device Troubleshooting This chapter provides troubleshooting procedures for basic problems with the wireless device. For the most up-to-date, detailed troubleshooting information, refer to the Cisco TAC website at the following URL (select Top Issues and then select Wireless Technologies): http://www.cisco.com/tac...
  • Page 438: Checking The Top Panel Indicators

    “Indicators on 1130 Series Access Points” section on page 22-6 for information on 1130 series access point indicators. Figure 22-1 Indicators on the 1200 Series Access Point (indicator labels: Ethernet, Status, Radio)
  • Page 439 Indicators on the 350 Series Access Point (Plastic Case) (figure labels: Cisco Aironet 350 Series Wireless Access Point; Ethernet, Status, Radio)
  • Page 440 At least one wireless client device is status associated with the unit. – Blinking – No client devices are associated; check the green wireless device’s SSID and WEP settings.
  • Page 441 Firmware failure; try disconnecting and reconnecting unit power. Blinking red – – Hardware failure. The wireless device must be replaced. Firmware – – Loading new firmware image. Upgrade
  • Page 442: Indicators On 1130 Series Access Points

    1130 Series Access Point LEDs Status LED Ethernet LED Access point cover Radio LED Note To view the Ethernet and Radio LEDs you must open the access point cover.
  • Page 443 (Mode button pressed for 2 to 3 seconds). Pink Image recovery (Mode button pressed for 20 to 30 seconds) Blinking Blinking Image recovery in progress and Mode button is green pink and off released.
  • Page 444 Maximum retries or buffer full occurred on the radio. amber Orange Software failure; try disconnecting and reconnecting unit power. Orange General warning, insufficient inline power. Blinking Blinking Blinking User activation of location indicator. green green green
  • Page 445: Indicators On 1240 Series Access Points

    Ethernet link is operational. Blinking green | — | — | Transmitting or receiving Ethernet packets. — | Blinking green | — | Transmitting or receiving radio packets. — | — | Blinking dark blue | Software upgrade in progress
  • Page 446 Maximum retries or buffer full occurred on the radio. amber Amber Software failure; try disconnecting and reconnecting unit power. — — Amber General warning, insufficient inline power (see the Low Power Condition section).
  • Page 447: Indicators On 1250 Access Points

    LEDs (for additional information refer to the Event Log using the access point browser interface). Figure 22-7 shows the 1250 series access point LEDs. Figure 22-7 1250 Series Access Point LEDs (LED labels: Ethernet, Status, Radio)
  • Page 448 (Mode button pressed for 2 to 3 seconds). Image recovery (Mode button pressed for 20 to 30 seconds). Blinking green Blinking green Red Image recovery in progress and Mode button is released.
  • Page 449 Blinking amber Maximum retries or buffer full occurred on the radio. Software failure; try disconnecting and reconnecting unit power. — Cycle through — General warning, insufficient inline power blue, green, red, and off
  • Page 450: Indicators On 1300 Outdoor Access Point/Bridges

    You can use them to quickly assess the unit’s status. For information on using the LEDs during the installation and alignment of the access point/bridge antenna, refer to the Cisco Aironet 1300 Series Outdoor Access Point/Bridge Mounting Instructions that shipped with your access point/bridge.
  • Page 451 LED flashing red to count out the first digit, then a short pause, followed by the LED flashing red to count out the second digit.
  • Page 452: Power Injector

    The power injector LED is shown in Figure 22-9. Figure 22-9 Power Injector (callouts: Dual-coax Ethernet ports (F-Type connectors); Ethernet LAN port (RJ-45 connector); Power LED; Console serial port (RJ-45 connector); Power jack)
  • Page 453: Checking Power

    For full operation, the 1130 and 1240 series access points require 12.95 W of power. The power module and Cisco Aironet power injectors are capable of supplying the required power for full operation, but some inline power sources are not capable of supplying 12.95 W. Also, some high-power inline power sources might not be able to provide 12.95 W of power to all ports at the same time.
  • Page 454: Checking Basic Settings

    If a wireless client is unable to authenticate with the wireless device, contact the system administrator for proper security settings in the client adapter and for the client adapter driver and firmware versions that are compatible with the wireless device settings.
  • Page 455: Resetting To The Default Configuration

    CLI interfaces. Note The following steps reset all configuration settings to factory defaults, including passwords, WEP keys, the IP address, and the SSID. The default username and password are both Cisco, which is case-sensitive. Using the MODE Button Follow these steps to delete the current configuration and return all access point settings to the factory defaults using the MODE button.
  • Page 456: Using The Web Browser Interface

    Step 9 After the wireless device reboots, you must reconfigure the wireless device by using the Web-browser interface or the CLI. The default username and password are Cisco, which is case-sensitive. Using the CLI Follow the steps below to delete the current configuration and return all wireless device settings to the factory defaults using the CLI.
  • Page 457: Reloading The Access Point Image

    Note The wireless device is configured with factory default values, including the IP address (set to receive an IP address using DHCP) and the default username and password (Cisco). Step 9 When IOS software is loaded, you can use the del privileged EXEC command to delete the config.old file from Flash.
  • Page 458: Using The Mode Button

    HTTP or TFTP interfaces. Note Your wireless device configuration does not change when you use the browser to reload the image file.
  • Page 459: Browser HTTP Interface

    If the file is located in the TFTP root directory, enter only the filename. Step 9 Click Upload. For additional information click the Help icon on the Software Upgrade screen.
  • Page 460: Using The CLI

    Step 7 When the display becomes full, the CLI pauses and displays --MORE--. Press the spacebar to continue. extracting info (229 bytes) c350-k9w7-mx.122-13.JA1/ (directory) 0 (bytes) c350-k9w7-mx.122-13.JA1/html/ (directory) 0 (bytes) c350-k9w7-mx.122-13.JA1/html/level1/ (directory) 0 (bytes)
  • Page 461: Obtaining The Access Point Image File

    Obtaining the Access Point Image File You can obtain the wireless device image file from Cisco.com by following these steps: Step 1 Use your Internet browser to access the Cisco Software Center home page: http://www.cisco.com/cisco/software/navigator.html Expand the Wireless LAN Access folder.
  • Page 462: Obtaining TFTP Server Software

    Step 14 Save the file to a directory on your hard drive. Obtaining TFTP Server Software You can download TFTP server software from several websites. Cisco recommends the shareware TFTP utility available at this URL: http://tftpd32.jounin.net Follow the instructions on the website for installing and using the utility.
  • Page 463: Appendix

    In each table, the Protocol column lists the protocol name, the Additional Identifier column lists other names for the same protocol, and the ISO Designator column lists the numeric designator for each protocol.
  • Page 464 Novell IPX (old) — 0x8137; Novell IPX (new) 0x8138; EAPOL (old) — 0x8180; EAPOL (new) — 0x888E; Telxon TXP 0x8729; Aironet DDP 0x872D; Enet Config Test — 0x9000; NetBUI — 0xF0F0
  • Page 465: Appendix A Protocol Filter

    Internet Group Management Protocol IGMP Transmission Control Protocol Exterior Gateway Protocol — CHAOS — User Datagram Protocol XNS-IDP ISO-TP4 ISO-CNLP CNLP Banyan VINES VINES Encapsulation Header encap_hdr Spectralink Voice Protocol Spectralink —
  • Page 466 — BOOTP Server — BOOTP Client — TFTP — gopher — netrjs finger — Hypertext Transport Protocol HTTP ttylink link Kerberos v5 Kerberos krb5 supdup — hostname hostnames
  • Page 467 ISO CMIP Management Over IP CMIP Management Over IP cmip-man CMOT ISO CMIP Agent Over IP cmip-agent X Display Manager Control xdmcp Protocol NeXTStep Window Server NeXTStep Border Gateway Protocol Prospero — Internet Relay Chat
  • Page 468 SAMBA swat SUP debugging supfiledbg 1127 ingreslock — 1524 Prospero non-privileged prospero-np 1525 RADIUS — 1812 Concurrent Versions System 2401 Cisco IAPP — 2887 Radio Free Ethernet 5002
  • Page 469: Appendix

    Supported MIBs This appendix lists the Simple Network Management Protocol (SNMP) Management Information Bases (MIBs) that the access point supports for this software release. The Cisco IOS SNMP agent supports SNMPv1, SNMPv2, and SNMPv3. This appendix contains these sections: MIB List, page B-1 •...
  • Page 470: Appendix B Supported MIB

    Step 5 Use the get MIB_filename command to obtain a copy of the MIB file. Note You can also access information about MIBs on the Cisco web site: http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
  • Page 471: Appendix

    • External Radius Server Error Messages, page C-26 • LWAPP Error Messages, page C-26 • Sensor Messages, page C-27 • SNMP Error Messages, page C-28 • SSH Error Messages, page C-29
  • Page 472: Conventions

    An integer number: 2450. A MAC address: 000b.fcff.b04e. A message string which provides more detail of the error: “Attempt to protect port 1640 failed.” A hexadecimal number: 0x001.
  • Page 473: Appendix C Error And Event Message

    Error Message DOT11-4-UPGRADE: “Send your company name and the following report to migrateapj52w52@cisco.com.” The following AP has been migrated from J(j52) to U(w52) Regulatory Domain:AP name AP Model Ethernet MAC %s %s %e \U\Regulatory Doman A Japan regulatory domain field upgrade from J to U has been accomplished.
  • Page 474 Error Message AVR_IMAGE_UPDATE-4-UPDATE_START: “The system is updating the AVR "$d" firmware. Please wait . . . “ Explanation The system is updating the AVR firmware. Recommended Action No action is required.
  • Page 475: Association Management Messages

    Explanation The encryption setting of the indicated interface and indicated station may be mismatched. Recommended Action Check the encryption configuration of this interface and the failing station to ensure that the configurations match.
  • Page 476: Unzip Messages

    Make sure that the file is a valid HTML page. If it is, you need to copy an uncompressed version of the file into Flash to retrieve it through HTTP.
  • Page 477: 802.11 Subsystem Messages

    Error Message DOT11-2-VERSION_INVALID: “Interface %d, unable to find required radio version %x.%x/ %d/ Explanation When trying to re-flash the radio firmware on the indicated interface, the access point recognized that the indicated radio firmware packaged with the Cisco IOS software had the incorrect version. Recommended Action None. Error Message DOT11-3-RADIO_OVER_TEMPERATURE: “Interface %s Radio over temperature...
  • Page 478 Error Message DOT11-6-DFS_SCAN_COMPLETE: “DFS scan complete on frequency %d MHz.” Explanation The device has completed its Dynamic Frequency Scan (DFS) frequency scanning process on the displayed frequency. Recommended Action None.
  • Page 479 Explanation Not more than 1 SSID can have shared authentication method when MBSSID is not enabled. Recommended Action Remove Dot11Radio radio interface or change authentication mode for SSID to open configuration.
  • Page 480 Error Message DOT11-4-UPLINK_ESTABLISHED: “Interface %s associated to AP %s %e %s. Explanation The indicated repeater has associated to the indicated root access point. Clients can now associate to the indicated repeater and traffic can pass. Recommended Action None.
  • Page 481 Error Message DOT11-2-RESET_RADIO: “Interface %s, Radio %s, Trying hardware reset on radio.” Explanation Using a software reset to start a radio failed. Trying a hardware reset which will reset all radios on the unit. Recommended Action None.
  • Page 482 Error Message DOT11-4-RADIO_INVALID_FREQ: “Operating frequency (%d) invalid - performing a channel scan.” Explanation The indicated frequency is invalid for operation. A channel scan is being performed to select a valid frequency. Recommended Action None.
  • Page 483 Explanation When attempting to apply a beacon or probe response to the radio, the beacon or probe was undefined on the indicated SSID index. Recommended Action Check the IE configuration.
  • Page 484 Recommended Action on the type of radio used. To resolve this issue you may have to reload the access point with a new Cisco IOS image. Instructions for reloading an image are found in “Reloading the Access Point Image” section on page 22-21.
  • Page 485 Recommended Action Fold the antenna on the AIR-RM21A radio module so that it is oriented 90 degrees to the body of the access point.
  • Page 486 Error Message DOT11-7-CCKM_AUTH_FAILED: “Station %e CCKM authentication failed.” Explanation The indicated station failed CCKM authentication. Recommended Action Verify that the topology of the access points configured to use the WDS access point is functional.
  • Page 487 Explanation The access point received an EAPOL-key from the indicated station notifying the access point that TKIP Michael MIC failed on a packet transmitted by this access point. Recommended Action None.
  • Page 488 %e.” Explanation The VLAN name returned by the RADIUS server must be configured in the access point. Recommended Action Configure the VLAN name in the access point.
  • Page 489 Error Message SOAP_FIPS-2-SELF_TEST_RAD_FAILURE: “RADIO crypto FIPS self test failed at %s on interface %s %d.” Explanation SOAP FIPS self test on radio crypto routine failed. Recommended Action Check radio image.
  • Page 490: Inter-Access Point Protocol Messages

    Recommended Action Error Message DOT11-6-ROGUE_AP: “Rogue AP %e reported. Reason: %s.” Explanation A station has reported a potential rogue access point for the indicated reason. Recommended Action None.
  • Page 491: Local Authenticator Messages

    Recommended Action Check the configuration of the 802.1x credentials on the client as well as the RADIUS server. Error Message DOT1X-SHIM-3-INIT_FAIL: “Unable to init - %s.” Explanation An error occurred during the initialization of the shim layer. Recommended Action
  • Page 492 Thus avoids the time needed to wait for a request to time...
  • Page 493: WDS Messages

    Error Message WLCCP-AP-6-UNSUP_VER_WDS: An unsupported version of WDS is detected Explanation The access point detected an unsupported version of WDS. Recommended Action Check for an unsupported version of WDS on your network.
  • Page 494: Mini IOS Messages

    Initialization failed on attempting to protect port. Recommended Action None. Error Message MTS-2-SET_PW_FAILURE: Error %d enabling secret password. Explanation Initialization failed when the user attempted to enable a secret password. Recommended Action None
  • Page 495: Access Point/Bridge Messages

    Cisco Discovery Protocol Messages Error Message CDP_PD-2-POWER_LOW: %s - %s %s (%e) Explanation The system is not supplied with sufficient power. Recommended Action Reconfigure or replace the source of inline power.
  • Page 496: External RADIUS Server Error Messages

    Explanation Recommended Action No action is required. Error Message LWAPP-5-WRONG_DFS_SLOT: DFS action on non-DFS radio “d” Explanation DFS action on radio b/g Recommended Action No action is required.
  • Page 497: Sensor Messages

    Enter the show environment all to help determine if this is due to voltage condition. This condition could cause the system to fail to operate properly.
  • Page 498: SNMP Error Messages

    This is not permitted because it will fail and device will reboot down the stack in malloc call. Recommended Action If this message recurs, copy it exactly as it appears and report it to your technical support representative.
  • Page 499: SSH Error Messages

    Error Message SSH-5-SSH2_USERAUTH: User ’”%s”’ authentication for SSH2 Session from ”%s” (tty = “%d”) using crypto cipher ’”%s”’, hmac ’”%s”’ ”%s” Explanation The SSH user authentication status information Recommended Action No action necessary - informational message
  • Page 500 Error Message SSH-5-SSH_USERAUTH: User ’”%s”’ authentication for SSH Session from ”%s” (tty = “%d”) using crypto cipher ’”%s”’ ”%s” Explanation The SSH user authentication status information Recommended Action No action necessary - informational message
  • Page 501 backoff time: The random length of time that a station waits before sending a packet on the LAN. Backoff time is a multiple of slot time, so a decrease in slot time ultimately decreases the backoff time, which increases throughput.
  • Page 502 DHCP: Dynamic host configuration protocol. A protocol available with many operating systems that automatically issues IP addresses within a specified range to devices on the network. The device retains the assigned address for a specific administrator-defined period.
  • Page 503 The body responsible for the Ethernet 802.3 and wireless LAN 802.11 specifications. infrastructure: The wired Ethernet network. IP address: The Internet Protocol (IP) address of a station.
  • Page 504 receiver sensitivity: A measurement of the weakest signal a receiver can receive and still correctly translate it into data. Radio frequency. A generic term for radio-based technology.
  • Page 505 roaming: A feature of some Access Points that allows users to move through a facility while maintaining an unbroken connection to the LAN. RP-TNC: A connector type unique to Cisco Aironet radios and antennas. Part 15.203 of the FCC rules covering spread spectrum devices limits the types of antennas that may be used with transmission equipment.
  • Page 506 WLSE: Wireless LAN Solutions Engine. The WLSE is a specialized appliance for managing Cisco Aironet wireless LAN infrastructures. It centrally identifies and configures access points in customer-defined groups and reports on throughput and client associations. WLSE's centralized management capabilities are further enhanced with an integrated template-based configuration tool for added configuration ease and improved productivity.

This manual is also suitable for:

Aironet series
