Cisco WAP551 Administration Manual
  1. Manuals
  2. Brands
  3. Cisco Manuals
  4. Wireless Access Point
  5. Small Business WAP551
  6. Administration manual

Cisco WAP551 Administration Manual

Wireless-n access point with poe
Hide thumbs Also See for WAP551:
Table of Contents

Advertisement

Quick Links

ADMINISTRATION
GUIDE
Cisco Small Business
WAP551 Wireless-N Access Point with PoE
and
WAP561 Wireless-N Selectable-Band Access Point with PoE

Advertisement

Table of Contents
loading

Related Manuals for Cisco WAP551

Summary of Contents for Cisco WAP551

  • Page 1 ADMINISTRATION GUIDE Cisco Small Business WAP551 Wireless-N Access Point with PoE WAP561 Wireless-N Selectable-Band Access Point with PoE...

  • Page 2: Table Of Contents

    Email Alert Status Chapter 3: Administration System Settings User Accounts Time Settings Log Settings Email Alert HTTP/HTTPS Service Management Access Control Manage Firmware Download/Backup Configuration File Configuration Files Properties Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 3 Rogue AP Detection Networks Scheduler Scheduler Association Bandwidth Utilization MAC Filtering WDS Bridge WorkGroup Bridge Quality of Service Chapter 6: System Security RADIUS Server 802.1X Supplicant Password Complexity WPA-PSK Complexity Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 4 Instance Configuration Instance Association Web Portal Customization Local Groups Local Users Authenticated Clients Failed Authentication Clients Chapter 10: Single Point Setup Single Point Setup Overview Access Points Sessions Channel Management Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 5 Contents Wireless Neighborhood Chapter A: Deauthentication Message Reason Codes Deauthentication Reason Code Table Appendix B: Where to Go From Here Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 6: Chapter 1: Getting Started

    Explorer. Select Tools > Internet Options and then select the Security tab. Select Local Intranet and select Sites. Select Advanced and then select Add. Add the intranet address of the WAP device (http://<ip-address>) to the local intranet zone. The IP Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 7 • To find your IP address, you can use the Cisco FindIT Network Discovery Utility. This tool enables you to automatically discover all supported Cisco Small Business devices in the same local network segment as your computer. For more information, go to cisco.com and enter www.cisco.com/go/findit.
  • Page 8 Click Log In. The Access Point Setup Wizard page opens. STEP 3 If this is the first time that you logged on with the default user name (cisco) and the default password (cisco) or your password has expired, the Change Admin Password page opens.

  • Page 9: Using The Access Point Setup Wizard

    If you click Cancel to bypass the Wizard, the Change Password page appears. You can then NOTE change the default password for logging in. For all other settings, the factory default configurations apply. You must log in again after changing your password. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 10 VLAN and IPv4 Address Settings. Click Next. The Single Point Setup — Set a Cluster window appears. For a description of STEP 3 Single Point Setup, see Single Point Setup. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 11 (Optional) You can enter the Cluster Management IP Address to control all the devices in cluster. Click Next. The Configure Device - Set System Date and Time window appears. STEP 5 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 12 Select your time zone, and then set the system time manually or set up the WAP device to get STEP 6 its time from an NTP server. For a description of these options, see Time Settings. Click Next. The Enable Security - Set Password window appears. STEP 7 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 13 For this window and the following two windows (Wireless Security and VLAN NOTE ID), you configure these settings for the Radio 1 interface first. Then, for WAP561 devices, the windows repeat to enable you to configure these settings for Radio 2. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 14 Enter a Network Name. This name serves as the SSID for the default wireless network. STEP 10 Click Next. The Enable Security - Secure Your Wireless Network window appears. STEP 11 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 15 Choose a security encryption type and enter a security key. For a description of these options, STEP 12 System Security. Click Next. The Wizard displays the Enable Security- Assign the VLAN ID For Your Wireless STEP 13 Network window. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 16 STEP 15 For the WAP561 device, the Network Name, Wireless Security, and VLAN ID pages show to STEP 16 enable configuring Radio 2. When finished with configuring Radio 2, click Next. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 17 Choose a security encryption type for the guest network and enter a security key. For a STEP 20 description of these options, see System Security. Click Next. The Wizard displays the Enable Captive Portal - Assign the VLAN ID window. STEP 21 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 18 Cancel, all settings are returned to the previous or default values. If they are correct, click Submit. Your WAP setup settings are saved and a confirmation STEP 27 window appears. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 19 Getting Started Using the Access Point Setup Wizard Access Point Setup Wizard—Finish Click Finish. The Getting Started window appears. STEP 28 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 20: Getting Started

    Setup Wizard Configure Radio Settings Radio Configure Wireless Network Settings Networks Configure LAN Settings Configure Single Point Setup Single Point Setup Device Status System Summary System Summary Wireless Status Network Interfaces Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 21: Window Navigation

    It provides these buttons: Buttons Button Name Description (User) The account name (Administrator or Guest) of the user logged into the WAP device. The factory default user name is cisco. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 22 WAP devices. If a main menu item is preceded by an arrow, select to expand and display the submenu of each group. You can then select on the desired submenu item to open the associated page. Navigation Pane Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 23: Management Buttons

    Edits or modifies an existing entry. Select an entry first. Refresh Redisplays the current page with the latest data. Save Saves the settings or configuration. Update Updates the new information to the startup configuration. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 24: Chapter 2: Status And Statistics

    • Traffic Statistics • WorkGroup Bridge Transmit/Receive • Associated Clients • TSPEC Client Associations • TSPEC Status and Statistics • TSPEC AP Statistics • Radio Statistics • Email Alert Status • Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 25: System Summary

    To view system information, select Status and Statistics > System Summary in the navigation pane. Or, select System Summary under Device Status on the Getting Started page. System Summary 121/321 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 26 PID VID—The WAP hardware model and version. • Serial Number—The serial number of the Cisco WAP device. • Base MAC Address—The WAP MAC address. • Firmware Version (Active Image)—The firmware version number of the active image. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 27 Time Wait—The closing sequence has been initiated and the WAP is waiting for a system-defined timeout period (typically 60 seconds) before closing the connection. You can click Refresh to refresh the screen and show the most current information. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 28: Network Interfaces

    Network Interfaces The Network Interfaces page shows this information: • LAN Status—These settings apply to the internal interface. For the WAP321, the information indicates whether or not Green Ethernet mode is enabled. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 29: Traffic Statistics

    WAP was last started. If you reboot the WAP, these figures indicate transmit and receive totals since the reboot. To show the Traffic Statistics page, select Status and Statistics > Traffic Statistics in the navigation pane. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 30 Network Interface—Name of the Ethernet interface and each VAP and WDS interface. On WAP561 devices, WLAN0 and WLAN1 precede the VAP interface name to indicate the radio interface (WLAN0 represents radio 1 and WLAN1 represents radio Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 31: Workgroup Bridge Transmit/Receive

    Network Interface—Name of the Ethernet or VAP interface. On WAP561 devices, WLAN0 represents radio 1 and WLAN1 represents radio 2. • Status and Statistics—Whether the interface is disconnected or is administratively configured as up or down. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 32: Associated Clients

    Network Interface—The VAP the client is associated with. On WAP561 devices, WLAN0 and WLAN1 precede the VAP interface name to indicate the radio interface (WLAN0 represents radio 1 and WLAN1 represents radio 2). Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 33 STA has not been admitted. • Up Time—The amount of time the client has been associated with the WAP device. You can click Refresh to refresh the screen and show the most current information. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 34: Tspec Client Associations

    • TS Identifier—TSPEC Traffic Session Identifier (range 0 to 7). • Access Category—TS Access Category (voice or video). • Direction—Traffic direction for this TS. Direction can be one of these options: Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 35 WAP device. • To Station—The number of packets and bytes transmitted from the WAP device to the wireless client and the number of packets and bytes that were dropped upon transmission. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 36: Tspec Status And Statistics

    If you reboot the WAP device, these figures indicate transmit and receive totals since the reboot. To view TSPEC status and statistics, select Status and Statistics > TSPEC Status and Statistics in the navigation pane. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 37 • Status—Whether the TSPEC session is enabled (up) or not (down) for the corresponding Access Category. Status is a configuration status (it does not necessarily represent the current NOTE session activity). Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 38: Tspec Ap Statistics

    The TSPEC AP Statistics page provides information on the voice and video Traffic Streams accepted and rejected by the WAP device. To view the TSPEC AP Statistics page, select Status and Statistics > TSPEC AP Statistics in the navigation pane. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 39: Radio Statistics

    You can use the Radio Statistics page to show packet-level and byte-level statistics for theeach wireless radio interface. To view the Radio Statistics page, select Status and Statistics > Radio Statistics in the navigation pane. Radio Statistics 121/321 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 40 Multicast Frames Received—Count of MSDU frames received with the multicast bit set in the destination MAC address. • Multicast Frames Transmitted—Count of successfully transmitted MSDU frames where the multicast bit was set in the destination MAC address. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 41: Email Alert Status

    The Email Alert Status page provides information about the email alerts sent based on the syslog messages generated in the WAP device. To view the Email Alert Status page, select Status and Statistics > Email Alert Status in the navigation pane. Email Alert Status Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 42: Log

    Up to 512 events can be shown. Older entries are removed from the list as needed to make room for new events. To view the Log page, select Status and Statistics > Log in the navigation pane. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 43 Description—A description of the event. You can click Refresh to refresh the screen and show the most current information. You can click Clear All to clear all entries from the log. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 44: Chapter 3: Administration

    • Management Access Control • UpgradeManage Firmware • Firmware Recovery • Download/Backup Configuration File • Configuration Files Properties • Copy/Save Configuration • Reboot • Discovery—Bonjour • Packet Capture • Support Information Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 45: System Settings

    Click Save. The changes are saved to the Startup Configuration. STEP 3 User Accounts One management user is configured on the WAP device by default: • User Name: cisco • Password: cisco Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 46: Adding A User

    Select Administration > User Accounts in the navigation pane. STEP 1 User Accounts The User Account Table shows the currently configured users. The user cisco is preconfigured in the system to have Read/Write privileges. All other users can have Read Only Access, but not Read/Write access.

  • Page 47: Changing A User Password

    User Accounts The User Account Table shows the currently configured users. The user cisco is preconfigured in the system to have Read/Write privileges. The password for the user cisco can be changed. Select the user to configure and click Edit.

  • Page 48: Time Settings

    Time Zone—Select the time zone for your location. Select Adjust Time for Daylight Savings if daylight savings time is applicable to your time STEP 3 zone. When selected, configure these fields: Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 49 When selected, configure these fields: • Daylight Savings Start—Select the week, day, month, and time when daylight savings time starts. • Daylight Savings End—Select the week, day, month, and time when daylight savings time ends. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 50: Log Settings

    Enabling persistent logging can wear out the flash (nonvolatile) memory and degrade network CAUTION performance. Only enable persistent logging to debug a problem. Make sure that you disable persistent logging after you finish debugging the problem. To configure persistent logging: Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 51: Remote Log Server

    Click Save. The changes are saved to the Startup Configuration. STEP 3 Remote Log Server Remote Log Server The Kernel Log is a comprehensive list of system events (shown in the System Log) and kernel messages such as error conditions. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 52 After new settings are saved, the corresponding processes may be stopped and restarted. When NOTE this happens, the WAP device may lose connectivity. We recommend that you change WAP device settings when a loss of connectivity will least affect your wireless clients. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 53: Email Alert

    To configure the WAP device to send email alerts: Select Administration > Email Alert in the navigation pane. STEP 1 Email Alert In the Global Configuration area, configure these parameters: STEP 2 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 54 The username can be from 1 to 64 alphanumeric characters. • Password—Enter the password for the email account that will be used to send these emails. The password can be from 1 to 64 characters. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 55: Email Alert Examples

    Username: Your email address, without the domain name such as myName (without @yahoo.com) Password: Your Yahoo account password The following example shows a sample format of a general log email: From: AP-192.168.2.10@mailserver.com Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 56: Http/Https Service

    If HTTPS is used for secure management sessions, you also use the HTTP/ HTTPS Service page to manage the required SSL certificates. Configuring HTTP and HTTPS Services Configuring HTTP and HTTPS Services To configure HTTP and HTTP services: Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 57 1 to 10 sessions. The default is 5. If the maximum number of sessions is reached, the next user who attempts to log on to the configuration utility receives an error message about the session limit. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 58: Managing Ssl Certificates

    In the Certificate File Status area, you can view whether a certificate currently exists on the WAP device, and view this information about it: • Certificate File Present • Certificate Expiration Date Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 59 To enable Telnet or SSH: Select Administration > Telnet/SSH Service in the navigation window. STEP 1 SSH/Telnet Service Select Enable for Telnet or SSH. STEP 2 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 60: Management Access Control

    Administrative computer, you will lose access to the configuration interface. It is highly recommend to give the Administrative computer a static IP address, so the address does not change over time. To create an access list: Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 61 After you upload new firmware and the system reboots, the newly added firmware becomes the primary image. If the upgrade fails, the original firmware remains as the primary image. When you upgrade the firmware, the access point retains the existing configuration NOTE information. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 62: Manage Firmware

    TFTP Upgrade TFTP Upgrade To upgrade the firmware on an access point using TFTP: Select Administration > Manage Firmware in the navigation pane. STEP 1 Manage Firmware Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 63: Http Upgrade

    To verify that the firmware upgrade completed successfully, log into the user interface and STEP 5 display the Upgrade Firmware page and view the active firmware version. HTTP Upgrade HTTP Upgrade To upgrade using HTTP: Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 64: Firmware Recovery

    An HTTP server starts and listens for client connections on port 80. The Firmware Recovery page is shown in the web-based configuration utility only when an NOTE image needs to be restored. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 65 The CRC of the file is good. • The STK file is built for this platform. • The STK file size is within the partition limits (4.5 MB is reserved for this file). Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 66: Download/Backup Configuration File

    WAP device. See Copy/Save Configuration. Backing Up a Configuration File Backing Up a Configuration File To back up (upload) the configuration file to a network host or TFTP server: Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 67 The filename cannot contain the following characters: spaces, <, >, |, \, : , (, ), &, ; , #, ? , *, and two or more successive periods. For a TFTP backup only, enter the TFTP Server IPv4 Address. STEP 5 Select which configuration file you want to back up: STEP 6 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 68: Downloading A Configuration File

    Click Save to begin the upgrade or backup. For HTTP downloads, a window appears to enable STEP 6 you to browse to select the file to download. When the download is finished, a window indicates success. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 69: Configuration Files Properties

    For example, you can copy the Backup Configuration file to the Startup Configuration file type, so that it is used the next time you boot up the WAP device. To copy a file to another file type: Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 70 For the Destination File Name, select the file type to be replaced with the file you are copying. STEP 3 Click Save to begin the copy process. STEP 4 When complete, a window shows the message, Copy Operation Successful. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 71: Reboot

    The WAP device advertises these service types: • Cisco-specific device description (csco-sb)—This service enables clients to discover Cisco WAP devices and other products deployed in small business networks. • Management user interfaces—This service identifies the management interfaces available on the WAP device (HTTP, Telnet, SSH, and SNMP).

  • Page 72: Packet Capture

    The WAP device can capture these types of packets: • 802.11 packets received and transmitted on radio interfaces. Packets captured on radio interfaces include the 802.11 header. • 802.3 packets received and transmitted on the Ethernet interface. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 73 View the current packet capture status. • Download a packet capture file. Packet Capture Configuration Packet Capture Configuration The Packet Capture Configuration area enables you to configure parameters and initiate a packet capture. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 74 As soon as the capture is completed, the radio reverts to nonpromiscuous mode operation. • Radio Client Filter—Enables or disables the WLAN client filter to capture only frames that are transmitted to, or received from, a WLAN client with a specified MAC address. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 75: Local Packet Capture

    WLAN1:VAP0—VAP0 traffic on Radio 2 (for WAP561 devices only). VAP1 to VAP15, if configured—Traffic on the specified VAP. For WAP561, the interface names are preceded by WLAN0: or WLAN1:, where WLAN0 represents Radio 1 and WLAN1 represents Radio 2. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 76: Remote Packet Capture

    A Microsoft Windows computer running the Wireshark tool allows you to display, log, and analyze captured traffic. The remote packet capture facility is a standard feature of the Wireshark tool for Windows. Linux version does not work with the WAP device. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 77 IP address, there is a pull-down list for you to select the interfaces. The interface can be one of the following: Linux bridge interface in the wap device --rpcap://[192.168.1.220]:2002/brtrunk Wired LAN interface -- rpcap://[192.168.1.220]:2002/eth0 VAP0 traffic on radio 1 -- rpcap://[192.168.1.220]:2002/wlan0 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 78 WAP device automatically installs a capture filter to filter out all packets destined to the Wireshark application. For example, if the Wireshark IP port is configured to be 58000, then this capture filter is automatically installed on the WAP device: Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 79: Packet Capture File Download

    /tmp/apcapture.pcap on the WAP device. Specify a TFTP Server IPv4 Address in the field provided. STEP 3 Click Download. STEP 4 To download a packet capture file using HTTP: Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 80: Support Information

    Support Information Click Download to generate the file based on current system settings. After a short pause, a window appears to enable you to save the file to your computer. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 81: Chapter 4: Lan

    The Port Settings page enables you to view and configure settings for the port that physically connects the WAP device to a local area network. To view and configure LAN settings: Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 82 When Green Ethernet Mode is enabled, the WAP device automatically enters a low- power mode when energy on the line is lost, and it resumes normal operation when energy is detected. Click Save. The changes are saved to the Startup Configuration. STEP 6 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 83: Vlan And Ipv4 Address Settings

    Untagged VLAN ID—Specifies a number between 1 and 4094 for the untagged VLAN ID. The default is 1. Traffic on the VLAN that you specify in this field is not be tagged with a VLAN ID when forwarded to the network. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 84: Ipv6 Addresses

    STEP 3 • Connection Type—By default, the DHCP client on the Cisco WAP551 and WAP561 Access Point automatically broadcasts requests for network information. If you want to use a static IP address, you must disable the DHCP client and manually configure the IP address and other network information.
  • Page 85 Router Advertisements received on the LAN port. The WAP device can have multiple autoconfigured IPv6 addresses. • Static IPv6 Address—The static IPv6 address. The WAP device can have a static IPv6 address even if addresses have already been configured automatically. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 86: Ipv6 Tunnel

    IPv6 Tunnel The WAP551 and WAP561 devices support the Intra-Site Automatic Tunnel Addressing Protocol (ISATAP). ISATAP enables the WAP device to transmit IPv6 packets encapsulated within IPv4 packets over the LAN. The protocol enables the WAP device to communicate with remote IPv6-capable hosts even when the LAN that connects them does not support IPv6.
  • Page 87 ISATAP router(s) it learns about through the DNS query messages. The WAP sends router solicitation messages only when there is no active ISATAP router. The valid range is 120 to 3600 seconds. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 88 When the tunnel is established, the ISATAP IPv6 Link Local Address and ISATAP IPv6 Global Address show on the page. These are the virtual IPv6 interface addresses to the IPv4 network. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 89: Chapter 5: Wireless

    Radio settings directly control the behavior of the radio in the WAP device and its interaction with the physical medium; that is, how and what type of signal the WAP device emits. To configure radio settings: Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 90 MAC Address—The Media Access Control (MAC) address for the interface. The MAC address is assigned by the manufacturer and cannot be changed. • Mode—The IEEE 802.11 standard and frequency the radio uses. one of the available modes: Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 91 The range of available channels is determined by the mode of the radio interface and the country code setting. If you select Auto for the channel setting, the WAP device scans available channels and selects a channel where the least amount of traffic is detected. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 92 Enter an integer from 20 to 2000 milliseconds. The default is 100 milliseconds. • DTIM Period—The Delivery Traffic Information Map (DTIM) period. Enter an integer from 1 to 255 beacons. The default is 2 beacons. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 93 However, sending more RTS packets can help the network recover from interference or collisions that might occur on a busy network, or on a network experiencing electromagnetic interference. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 94 It is generally more efficient to have a WAP device broadcast a subset of its supported rate sets. • MCS (Data Rate) Settings—The Modulation and Coding Scheme (MCS) index values that the WAP device advertises. MCS can enhance throughput for 802.11n wireless clients. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 95 TSPEC was admitted. Off—A station can send and receive voice priority traffic without requiring an admitted TSPEC; the WAP device ignores voice TSPEC requests from client stations. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 96 After new settings are saved, the corresponding processes may be stopped and restarted. When CAUTION this happens, the WAP device may lose connectivity. We recommend that you change WAP device settings when a loss of connectivity will least affect your wireless clients. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 97: Rogue Ap Detection

    APs detected through the RF scan. To view more information about rogue APs, select Wireless > Rogue AP Detection in the main navigation pane. Rogue AP Detection 121/32 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 98 WAP device does not have any control over the APs on the list and cannot apply any security policies to APs detected through the RF scan. • MAC Address—The MAC address of the rogue AP. • Beacon Interval—The beacon interval used by the rogue AP. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 99 The channel defines the portion of the radio spectrum that the radio uses for transmitting and receiving. You can use the Radio page to set the channel. NOTE • Rate—The rate in megabits per second at which the rogue AP is currently transmitting. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 100 AP or created from a text file. If the MAC address of an AP appears in the Trusted AP List, it is not detected as a rogue. To import an AP list from a file, use these steps: Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 101: Networks

    SSID Naming Conventions SSID Naming Conventions The default SSID for VAP0 is ciscosb. Every additional VAP created has a blank SSID name. The SSIDs for all VAPs can be configured to other values. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 102: Vlan Ids

    WLAN clients associated with this specific VAP can administer the WAP device. If needed, an access control list (ACL) can be created to disable administration from WLAN clients. Networks 121/321 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 103: Configuring Vaps

    VLAN and IPv4 Address Settings. • SSID Name—A name for the wireless network. The SSID is an alphanumeric string of up to 32 characters. Choose a unique SSID for each VAP. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 104 MAC Filtering—Specifies whether the stations that can access this VAP are restricted to a configured global list of MAC addresses. You can select one of these types of MAC filtering: Disabled—Do not use MAC filtering. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 105: Configuring Security Settings

    This security mode can be useful during initial network configuration or for problem solving, but it is not recommended for regular use on the internal network because it is not secure. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 106 Required field. These are the RC4 WEP keys shared with the stations using the WAP device. Each client station must be configured to use one of these same WEP keys in the same slot as specified on the WAP device. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 107 WEP keys specified on the WAP device in order to decode AP-to-station data transmissions. • The WAP device must have all keys used by clients for station-to-AP transmit so that it can decode the station transmissions. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 108 To use the global RADIUS server settings, ensure that the check box is selected. To use a separate RADIUS server for the VAP, uncheck the check box and enter the RADIUS server IP address and key in these fields: Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 109 • Active Server—Enables administratively selecting the active RADIUS server, rather than having the WAP device attempt to contact each configured server in sequence and choose the first server that is up. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 110 This WPA configuration allows more interoperability in place of some security. WPA clients must have one of these keys to be able to associate with the WAP device: A valid TKIP key A valid AES-CCMP key Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 111 IEEE 802.11i standard. As per the latest WiFi Alliance requirement, the AP has to support this mode all the time. • Enable pre-authentication—If for WPA Versions you select only WPA2 or both WPA and WPA2, you can enable pre-authentication for WPA2 clients. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 112 WAP device and on your RADIUS server. The text you enter is shown as asterisks to prevent others from seeing the RADIUS key as you type. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 113: Scheduler

    The WAP device supports up to 16 profiles. Only valid rules are added to the profile. Up to 16 rules are grouped together to form a scheduling profile. Periodic time entries belonging to the same profile cannot overlap. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 114: Adding Scheduler Profiles

    To add a profile, enter a profile name in the Scheduler Profile Configuration text box and click STEP 3 Add. The profile name can be up to 32 alphanumeric characters. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 115 A Scheduler profile must be associated with a radio interface or a VAP interface to be in effect. NOTE See the Scheduler Association page. To delete a rule, select the profile from the Profile Name column and click Delete. NOTE Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 116: Scheduler Association

    Only one Scheduler profile can be associated with the WLAN interface or each VAP. A single profile can be associated with multiple VAPs. If the Scheduler profile associated with a VAP or the WLAN interface is deleted, then the association is removed. Scheduler Association 121/321 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 117: Bandwidth Utilization

    Use the Bandwidth Utilization page to configure how much of the radio bandwidth can be used before the WAP device stops allowing new client associations. This feature is enabled by default. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 118: Mac Filtering

    Depending on how the VAP is configured, the WAP device may refer to a MAC filter list stored on an external RADlUS server, or may refer a MAC filter list stored locally on the WAP device. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 119: Configuring A Mac Filter List Locally On The Wap Device

    Continue entering MAC addresses until the list is complete, and then click Save. The changes STEP 4 are saved to the Startup Configuration. To remove a MAC address from the Stations List, select it and then click Remove. NOTE Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 120: Wds Bridge

    In this mode, the central WAP device accepts client associations and communicates with the clients and other repeaters. All other access points associate only with the central WAP device that forwards the packets to the appropriate wireless bridge for routing purposes. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 121 WAP device that is operating as a repeater. Before you configure WDS on the WAP device, note these guidelines: • All Cisco WAP devices participating in a WDS link must have the following identical settings: Radio IEEE 802.11 Mode...
  • Page 122 Wireless WDS Bridge Select Wireless > WDS Bridge in the navigation pane. STEP 1 WDS Bridge 121/321 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 123 WPA2-PSK with CCMP (AES) encryption over the WDS link. See WEP on WDS Links or WPA/PSK on WDS Links following this procedure for more information about encryption options. Repeat these steps for up to three additional WDS interfaces. STEP 5 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 124: Wep On Wds Links

    WDS ID is also entered at the other end of the WDS link. If this WDS ID is not the same for both WAP devices on the WDS link, they will not be able to communicate and exchange data. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 125: Workgroup Bridge

    To allow the bridging of packets, the VLAN configuration for the access point interface and wired interface should match that of the infrastructure client interface. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 126 It is not recommended to associate another AP to the downstream interface of the WAP device operating in WorkGroup Bridge mode; that is, the chaining or cascading of APs is not supported. To configure WorkGroup Bridge mode: Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 127 Wireless WorkGroup Bridge Select Wireless > WorkGroup Bridge in the navigation pane. STEP 1 WorkGroup Bridge 121/321 551/561 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 128 SSID Broadcast—Select if you want the downstream SSID to be broadcast. SSID Broadcast is enabled by default. • Security—The type of security to use for authenticating. Choices are: None Static WEP Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 129: Quality Of Service

    In normal use, the default values for the WAP device and station EDCA should not need to be changed. Changing these values affects the QoS provided. To configure WAP device and Station EDCA parameters: Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 130 Wireless Quality of Service Select Wireless > QoS in the navigation pane.QoS 121/321 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 131 Data 0 (Voice)—High priority queue, minimum delay. Time-sensitive data such as VoIP and streaming media are automatically sent to this queue. • Data 1 (Video)—High priority queue, minimum delay. Time-sensitive video data is automatically sent to this queue. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 132 Valid values are 1, 3, 7, 15, 31, 63, 127, 255, 511, or 1023. This value must be higher than the value for the Minimum Contention Window. • Maximum Burst (WAP only)—A WAP EDCA parameter that applies only to traffic flowing from the WAP to the client station. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 133 After new settings are saved, the corresponding processes may be stopped and restarted. When CAUTION this happens, the WAP device may lose connectivity. We recommend that you change WAP device settings when a loss of connectivity will least affect your wireless clients. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 134 Wireless Quality of Service Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 135 Wireless Quality of Service Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 136: Chapter 6: System Security

    In addition to using the global RADIUS servers, you can also configure each VAP to use a NOTE specific set of RADIUS servers. See the Networks page. To configure global RADIUS servers: Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 137 If authentication fails with the primary server, each configured backup server is tried in sequence. • Key 1—The shared secret key that the WAP device uses to authenticate to the primary RADIUS server. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 138: 802.1X Supplicant

    802.1X authenticator grants access. If your network uses 802.1X, you must configure 802.1X authentication information on the WAP device, so that it can supply it to the authenticator. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 139 PEAP—Protected Extensible Authentication Protocol, which provides a higher level of security than MD5 by encapsulating it within a TLS tunnel. TLS—Transport Layer Security, as defined in RFC 5216, an open standard that provides a high level of security. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 140 <, >, |, \, : , (, ), &, ; , #, ? , *, and two or more successive periods. Click Upload. STEP 3 A confirmation window appears, followed by a progress bar to indicate the status of the upload. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 141: Password Complexity

    Minimum Password Length—The minimum password character length is a range from 0 to 32. The default is 8. • Password Aging Support—Select to have passwords expire after a configured time period. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 142: Wpa-Psk Complexity

    Three is the default. • WPA-PSK Different From Current—Select one of these options: Enable—Users must configure a different key after their current key expires. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 143 8 to 16. The default is 8. Check the box to make the field editable and to activate this requirement. Click Save. The changes are saved to the Startup Configuration. STEP 4 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 144: Chapter 7: Client Quality Of Service

    ACLs and DiffServ policies to use as default values for clients associated with the VAP when the client does not have their own attributes defined by a RADIUS server. To configure VAP QoS parameters: Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 145 • Bandwidth Limit Up—The maximum allowed client transmission rate to the AP in bits per second. The valid range is 0 – 4294967295 bps. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 146 DiffServ Policy Up—The name of the DiffServ policy applied to traffic sent to the AP in the inbound (up) direction. Click Save. The changes are saved to the Running Configuration and to the Startup STEP 5 Configuration. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 147: Ipv4 And Ipv6 Acls

    There is an implicit deny at the end of every rule created. To avoid deny all, it is strongly NOTE recommended to add a permit rule within the ACL to allow traffic. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 148: Mac Acls

    Configure the match criteria for the rules. STEP 6 Use the Client QoS Association page to apply the ACL to one or more VAPs. STEP 7 These steps give a detailed description of how to configure ACLs: Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 149 IPv4 and IPv6 ACLs control access to network resources based on Layer 3 and Layer 4 criteria. MAC ACLs control access based on Layer 2 criteria. Click Add ACL. STEP 3 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 150 When you select Permit, the rule allows all traffic that meets the rule criteria to enter or exit the WAP device (depending on the ACL direction you select). Traffic that does not meet the criteria is dropped. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 151 If you select Source Port, choose the port name or enter the port number. Select From List—The keyword associated with the source port to match: ftp, ftpdata, http, smtp, snmp, telnet, tftp, www. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 152 1024 to 49151—Registered Ports 49152 to 65535—Dynamic and/or Private Ports • IP DSCP—Matches packets based on their IP DSCP value. If you select IP DSCP, choose one of these options as the match criteria: Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 153 • Destination IPv6 Address—Select this field to require a packet's destination IPv6 address to match the address listed here. Enter an IPv6 address in the appropriate field to apply this criteria. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 154 MAC address, a MAC mask of 00:00:00:00:ff:ff is used. A MAC mask of 00:00:00:00:00:00 checks all address bits and is used to match a single MAC address. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 155: Class Map

    You can use the Class Map page to define classes of traffic. Use the Policy Map page to define policies and associate class maps to them. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 156: Adding A Class Map

    Select a value from the Match Layer 3 Protocol list: STEP 3 • IPv4—The class map applies only to IPv4 traffic on the WAP device. • IPv6—The class map applies only to IPv6 traffic on the WAP device. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 157: Defining A Class Map

    The match criteria fields that are available depend on whether the class map is an IPv4 or IPv6 class map. Defining a Class Map Defining a Class Map To configure a class map: Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 158 Destination IP Mask (IPv4 only)—The destination IP address mask. The mask for DiffServ is a network-style bit mask in IP dotted decimal format indicating which part(s) of the destination IP address to use for matching against packet content. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 159 Match to Port—Matches the destination port in the datagram header with an IANA port number that you specify. The port range is from 0 to 65535 and includes three different types of ports: 0 to 1023—Well Known Ports Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 160 VLAN ID—A VLAN ID to be matched for packets. The VLAN ID range is from 0 to 4095. The following Service Type fields show for IPv4 only. You can specify one type of service to use in matching packets to class criteria. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 161: Policy Map

    The WAP device supports up to 50 policy maps. A policy map can contain up to 10 class maps. To add and configure a policy map: Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 162 Committed Rate—The committed rate, in Kbps, to which traffic must conform. The range is from 1 to 1000000 Kbps. Committed Burst—The committed burst size, in bytes, to which traffic must conform. The range is from 1 to 204800000 bytes. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 163: Client Qos Association

    To control general categories of traffic, such as HTTP traffic or traffic from a specific subnet, you can configure ACLs and assign them to one or more VAPs. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 164 To configure client QoS association parameters: Select Client QoS > Client QoS Association in the navigation pane. STEP 1 Client QoS Association 121/321 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 165 IPv6—The ACL examines IPv6 packets for matches to ACL rules. MAC—The ACL examines Layer 2 frames for matches to ACL rules. • ACL Name Down—The name of the ACL applied to traffic in the outbound direction. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 166: Client Qos Status

    The Client QoS Status page shows the client QoS settings that are applied to each client currently associated with the WAP device. To show the Client QoS Status page, select Client QoS > Client QoS Status in the navigation pane. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 167 The packet or frame is processed if it is permitted and discarded if it is denied. • ACL Type Down—The type of ACL to apply to traffic in the outbound (WAP-to- client) direction, which can be one of these options: Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 168 DiffServ Policy Up—The name of the DiffServ policy applied to traffic sent to the WAP device in the inbound (client-to-WAP) direction. • DiffServ Policy Down—The name of the DiffServ policy applied to traffic from the WAP device in the outbound (WAP-to-client) direction. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 169: Chapter 8: Simple Network Management Protocol

    SNMP manager when requested. Managed devices can be network nodes such as WAP devices, routers, switches, bridges, hubs, servers, or printers. The WAP device can function as an SNMP managed device for seamless integration into network management systems. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 170: General Snmp Settings

    The community name acts as a simple authentication feature to restrict the machines on the network that can request data to the SNMP agent. The name functions as a password, and the request is assumed to be authentic if the sender knows the password. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 171 10.10.1.129 through 10.10.1.254 can execute SNMP requests on managed devices. In this example, 10.10.1.128 is the network address and 10.10.1.255 is the broadcast address. A total of 126 addresses would be designated. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 172: Views

    Each MIB view is defined by two sets of view subtrees, included in or excluded from the MIB view. You can create MIB views to control the OID range that SNMPv3 users can access. The WAP device supports a maximum of 16 views. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 173 A family mask is used to define a family of view subtrees. The family mask indicates which subidentifiers of the associated family OID string are significant to the family's definition. A family of view subtrees enables efficient control access to one row in a table. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 174: Groups

    MIB view. The default groups RO and RW cannot be deleted. NOTE The WAP device supports a maximum of eight groups. NOTE Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 175 Write Views—The write access to MIBs for the group, which can be one of these options: view-all—The group can create, alter, and delete MIBs. view-none—The group cannot create, alter, or delete MIBs. • Read Views—The read access to MIBs for the group: Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 176: Users

    User Name—A name that identifies the SNMPv3 user. User names can contain up to 32 alphanumeric characters. • Group—The group that the user is mapped to. The default groups are RWAuth, RWPriv, and RO. You can define additional groups on the SNMP Groups page. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 177: Targets

    Each target is defined with a target IP address, UDP port, and SNMPv3 user name. SNMPv3 user configuration (see the Users page) should be completed before configuring NOTE SNMPv3 targets. The WAP device supports a maximum of eight targets. NOTE Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 178 Click Save. The user is added to the SNMPv3 Targets list and your changes are saved to the STEP 5 Startup Configuration. To remove an SMMP target, select the user in the list and click Delete. NOTE Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 179: Chapter 9: Captive Portal

    The Captive Portal feature is available only on the Cisco WAP321 device. NOTE The Captive Portal feature is available on the WAP5xx devices and the Cisco WAP321 device. NOTE Authenticated users must be validated against a database of authorized Captive Portal groups or users before access is granted.

  • Page 180: Captive Portal Global Configuration

    443 by default. You can configure an additional port for HTTPS traffic. Enter port number between 1025 and 65535, or 443. The HTTP and HTTPs ports cannot be the same. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 181: Instance Configuration

    Enter an Instance Name and click Save. The instance name can include from 1 to 32 STEP 3 alphanumeric characters and the underscore. Select the instance name from the Captive Port Instances list. STEP 4 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 182 The certificate is presented to the user at connection time. • Verification—The authentication method for CP to use to verify clients: Guest—The user does not need to be authenticated by a database. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 183 IPv4 and IPv6 RADIUS address settings, but the WAP device contacts only the RADIUS server or servers of the address type you select in this field. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 184 CP instance from the Web Customization page. • Delete Instance—Deletes the current instance. Click Save. Your changes are saved to the Startup Configuration. STEP 6 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 185: Instance Association

    VAP. The associated CP instance settings applies to users who attempt to authenticate on the VAP. To associate an instance to a VAP: Select Captive Portal > Instance Association in the navigation pane. STEP 1 Instance Association 121/321 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 186: Web Portal Customization

    You use the Web Portal Customization page to create unique pages for different locales on your network, and to customize the text and images on the pages. To create and customize a CP authentication page: Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 187 The user can select a link to switch to that locale. Click Save. The changes are saved to the Startup Configuration. STEP 5 From the Captive Portal Web Locale list, select the locale you created. STEP 6 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 188 Captive Portal Web Portal Customization The page shows additional fields for modifying the locale. The Locale ID and Instance Name fields cannot be edited. The editable fields are populated with default values. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 189 STEP 7 • Background Image Name—The image to show as the page background. You can click Upload/Delete Custom Image to upload images for Captive Portal instances. See Uploading and Deleting Images. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 190 Browser Content—The text that shows in the page header, to the right of the logo. The range is from 1 to 128 characters. The default is Welcome to the Wireless Network. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 191 You can click Preview to show the text and images that have already been saved to the Startup NOTE Configuration. If you make a change, click Save before clicking Preview to see your changes. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 192 Background Image Name, Logo Image Name, or Account Image fields. The Web Portal Custom Image page appears. Web Portal Custom Image Browse to select the image. STEP 2 Click Upload. STEP 3 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 193: Local Groups

    Enter a Group Name and click Save. The changes are saved to the Startup Configuration. STEP 2 To delete a group, select it in the Captive Portal Groups list, select the Delete Group check box, NOTE and click Save. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 194: Local Users

    You can use the Local Users page to configure up to 128 authorized users in the local database. To add and configure a local user: Select Captive Portal > Local Users in the navigation pane. STEP 1 Local Users Enter a User Name and click Save. STEP 2 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 195 This setting limits the bandwidth used to send data into the network. The range is from 0 to 300 Mbps. The default is 0. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 196: Authenticated Clients

    Local—The WAP device uses a local database to authenticated users. RADIUS—The WAP device uses a database on a remote RADIUS server to authenticate users. • VAP ID—The VAP that the user is associated with. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 197: Failed Authentication Clients

    Radio ID—The ID of the radio. Because the WAP321 has a single radio, this field always shows Radio1.For the single-radio WAP551 device, this field shows Radio 1. For the dual radio WAP561 device, this field shows Radio 1 or Radio 2.
  • Page 198 Radio ID—The ID of the radio. Because the WAP321 has a single radio, this field shows Radio1.For the single-radio WAP551 device, this field shows Radio 1. For the dual radio WAP561 device, this field shows Radio 1 or Radio 2.

  • Page 199: Chapter 10: Single Point Setup

    When you first set up your WAP device, you can use the Setup Wizard to configure Single Point Setup or join an existing Single Point Setup. If you prefer not to use the Setup Wizard, you can use the web-based configuration utility. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 200 Single Point Setup creates a dynamic, configuration-aware cluster, or group, of WAP devices in the same subnet of a network. A cluster supports a group of up to 16 configured WAP551 and WAP561 devices, but no other models in the same cluster.
  • Page 201 In other words, loss of contact with the cluster does not necessarily prevent wireless clients associated with that WAP device from continued access to network resources. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 202 Management Access Control SNMP General and SNMPv3 Networks WPA-PSK Complexity Time Settings Radio Configuration Settings and Parameters that are Propagated in Single Point Setup Mode Fragmentation Threshold RTS Threshold Rate Sets Primary Channel Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 203 Other Configuration Settings and Parameters That Are Not Propagated in Single Point Setup Bandwidth Utilization Port Settings Bonjour VLAN and IPv4 IPv6 Address WDS Bridge IPv6 Tunnel Packet Capture WorkGroup Bridge Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 204: Access Points

    Location—Enter a description of where the access point is physically located, for example, Reception. The location field is optional. • Cluster Name—Enter the name of the cluster for the WAP device to join, for example Reception_Cluster. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 205 Single Point Setup works only with devices using the same type of IP addressing. It does not work with a group of WAP devices where some have IPv4 addresses and some have IPv6 addresses. Click Enable Single Point Setup. STEP 3 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 206 Adding a New Access Point to a Single Point Setup Cluster Adding an Access Point to a Single Point Setup To add a new access point that is currently in standalone mode into a Single Point Setup cluster: Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 207 Select Single Point Setup > Access Points in the navigation pane. STEP 2 Click Disable Single Point Setup. STEP 3 The Single Point Setup status field for that access point will now show Disabled. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 208 ARPs on the management VLAN so that the mapping between the new IP address and the MAC-address is established in the subnet. The Cluster IP address configuration is shared among all the clustered APs. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 209: Sessions

    AP Location—The location of the access point. The location is derived from the location specified on the Administration > System Settings page. • User MAC—The MAC address of the wireless client. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 210: Channel Management

    Wi-Fi bandwidth to help maintain efficient communication over the wireless network. The automatic channel assignment feature is disabled by default. The state of channel management (enabled or disabled) is propagated to the other devices in the Single Point Setup cluster. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 211 To start automatic channel assignment, click Start. STEP 2 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 212 Band—The band on which the access point is broadcasting. • Channel—The radio channel on which this access point is currently broadcasting. • Locked—Forces the access point to remain on the current channel. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 213: Configuring Advanced Settings

    The default is 75 percent. Use the drop-down menu to choose percentages ranging from 5 percent to 75 percent. Using this setting lets you set a threshold gain in efficiency for channel Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 214: Wireless Neighborhood

    To view neighboring devices, select Single Point Setup > Wireless Neighborhood in the navigation pane. To see all the devices detected on a given Single Point Setup, navigate to the Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 215 If there is only one WAP device in the cluster, only a single IP address column shows, indicating that the WAP device is grouped with itself. You can click on an IP address to view more details on a particular WAP device. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 216: Viewing Details For A Cluster Member

    • SSID—The Service Set Identifier for the neighboring access point. • MAC Address—The MAC address of the neighboring access point. • Channel—The channel on which the access point is currently broadcasting. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 217 Select Single Point Setup > Cluster Firmware Upgrade in the navigation pane. STEP 1 Select the checkbox of the AP to be upgraded. STEP 2 Click Save. STEP 3 To get the latest cluster firmware upgrade status: Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 218 Click Start-Upgrade to apply the new firmware image. STEP 3 Overall upgrade status shows the combined upgrade status (Not Initialized/In Progress/ NOTE Completed/Fail/Abort_admin/ None) of all the cluster members. To stop the cluster member upgrade from Dominant AP: Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 219 Single Point Setup Cluster Firmware Upgrade Click Stop-Upgrade. STEP 1 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 220 Single Point Setup Cluster Firmware Upgrade Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 221: Deauthentication Reason Code Table

    Deauthenticated because sending station (STA) is leaving or has left Independent Basic Service Set (IBSS) or ESS Disassociated due to inactivity Disassociated because WAP device is unable to handle all currently associated STAs Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 222 Element in 4-Way Handshake different from (Re)Association Request/ Probe Response/Beacon frame Invalid group cipher Invalid pairwise cipher Invalid AKMP Unsupported RSNE version Invalid RSNE capabilities IEEE 802.1X authentication failed Cipher suite rejected because of the security policy Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 223: Where To Go From Here

    Where to Go From Here Cisco provides a wide range of resources to help you and your customer obtain the full benefits of the Cisco WAP551 and WAP561 Access Point. Support Cisco Small Business Support www.cisco.com/go/smallbizsupport Community Cisco Small Business Support www.cisco.com/go/smallbizhelp...
  • Page 224 Where to Go From Here Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 225 Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.

This manual is also suitable for:

Wap561

Table of Contents