1. Manuals
  2. Brands
  3. Cisco Manuals
  4. Wireless Access Point
  5. Small Business WAP551
  6. Administration manual

Cisco Small Business WAP551 Administration Manual

Wireless-n access point with poe/ wireless-n selectable-band access point with poe
Hide thumbs Also See for Small Business WAP551:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Administration Manual
ADMINISTRATION
GUIDE
Cisco Small Business
WAP551 Wireless-N Access Point with PoE
and
WAP561 Wireless-N Selectable-Band Access Point
with PoE

Advertisement

Table of Contents
loading

Related Manuals for Cisco Small Business WAP551

Summary of Contents for Cisco Small Business WAP551

  • Page 1 ADMINISTRATION GUIDE Cisco Small Business WAP551 Wireless-N Access Point with PoE WAP561 Wireless-N Selectable-Band Access Point with PoE...

  • Page 2: Table Of Contents

    Email Alert Status Chapter 3: Administration System Settings User Accounts Time Settings Log Settings Email Alert HTTP/HTTPS Service Management Access Control Manage Firmware Download/Backup Configuration File Configuration Files Properties Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 3 Networks Scheduler Scheduler Association Bandwidth Utilization MAC Filtering WDS Bridge WorkGroup Bridge Quality of Service WPS Setup WPS Process Chapter 6: System Security RADIUS Server 802.1X Supplicant Password Complexity Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 4 Captive Portal Global Configuration Instance Configuration Instance Association Web Portal Customization Local Groups Local Users Authenticated Clients Failed Authentication Clients Chapter 10: Single Point Setup Single Point Setup Overview Access Points Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...
  • Page 5 Contents Sessions Channel Management Wireless Neighborhood Chapter A: Deauthentication Message Reason Codes Deauthentication Reason Code Table Appendix B: Where to Go From Here Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE...

  • Page 6: Chapter 1: Getting Started

    Internet Explorer. Select Tools > Internet Options and then select the Security tab. Select Local Intranet and select Sites. Select Advanced and then select Add. Add the intranet address of the WAP device (http://<ip- Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 7: Using The Access Point Setup Wizard

    New Cluster Name. When you configure your devices with the same cluster name and enable Single Point Setup mode on other WAP devices, they automatically join the group. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 8 It is suggested that you assign a different VLAN ID from the default (1) to wireless traffic, in order to segregate it from management traffic on VLAN 1. Click Next. STEP 15 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 9 If you click Cancel, all settings are returned to the previous or default values. If they are correct, click Submit. Your WAP setup settings are saved and a STEP 27 confirmation window appears. Click Finish. The Getting Started window appears. STEP 28 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 10: Getting Started

    Configure Single Point Setup Single Point Setup Device System Summary System Summary Status Wireless Status Network Interfaces Quick Change Account Password User Accounts Access Upgrade Device Firmware Manage Firmware Backup/Restore Configuration Download/Backup Configuration File Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 11: Window Navigation

    Adds a new entry to the table or database. Cancel Cancels the changes made to the page. Clear All Clears all entries in the log table. Delete Deletes an entry in a table. Select an entry first. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 12 Edits or modifies an existing entry. Select an entry first. Refresh Redisplays the current page with the latest data. Save Saves the settings or configuration. Update Updates the new information to the startup configuration. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 13: Chapter 2: Status And Statistics

    To view system information, select Status and Statistics > System Summary in the navigation pane. Or, select System Summary under Device Status on the Getting Started page. The System Summary page shows this information: • PID VID—The WAP hardware model and version. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 14 Connection State—The state of the service. For UDP, only connections in the Active or Established states appear in the table. The TCP states are: Listening—The service is listening for connection requests. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 15: Network Interfaces

    Point (VAP) and on each Wireless Distribution System (WDS) interface. On WAP561 devices, WLAN0 or WLAN1 precedes the VAP interface ID to indicate the associated radio interface. WLAN0 represents radio 1 and WLAN1 represents radio 2. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 16: Traffic Statistics

    (in Received table) by this WAP device. • Errors—The total number of errors related to sending and receiving data on this WAP device. You can click Refresh to refresh the screen and show the most current information. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 17: Workgroup Bridge Transmit/Receive

    You can use the Associated Clients page to view the client stations associated with a particular access point. To show the Associated Clients page, select Status and Statistics > Associated Clients in the navigation pane. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 18 Packets—Number of packets received (transmitted) from the wireless client. Bytes—Number of bytes received (transmitted) from the wireless client. Drop Packets—Number of packets dropped after being received (transmitted). Drop Bytes—Number of bytes that dropped after being received (transmitted). Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 19: Tspec Client Associations

    Network Interface—Radio interface used by the client. On WAP561 devices, WLAN0 represents radio 1 and WLAN1 represents radio 2. • SSID—Service set identifier associated with this TS client. • Station—Client station MAC address. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 20 • Access Category—TS Access Category (voice or video). • Direction—The traffic direction for this TS. Direction can be one of these options: uplink—From client to device. downlink—From device to client. bidirectional Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 21: Tspec Status And Statistics

    Network Interface—Name of the Radio or VAP interface. On WAP561 devices, WLAN0 represents radio 1 and WLAN1 represents radio 2. • Access Category—Current Access Category associated with this Traffic Stream (voice or video). Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 22 Total Video Bytes—Total TS video bytes sent (in Transmit table) or received (in Received table) by this WAP device for this VAP. You can click Refresh to refresh the screen and show the most current information. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 23: Tspec Ap Statistics

    Bytes Receive Dropped—Number of bytes received by the WAP device that were dropped. • Bytes Transmit Dropped—Number of bytes transmitted by the WAP device that were dropped. • Fragments Received—Number of fragmented frames received by the WAP device. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 24 Multiple Retry Count—Number of times an MSDU is successfully transmitted after more than one retry. • Frames Transmitted Count—Count of each successfully transmitted MSDU. You can click Refresh to refresh the screen and show the most current information. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 25: Email Alert Status

    Description—A description of the event. You can click Refresh to refresh the screen and show the most current information. You can click Clear All to clear all entries from the log. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 26: Chapter 3: Administration

    • HTTP/HTTPS Service • Management Access Control • Manage Firmware • Download/Backup Configuration File • Configuration Files Properties • Copy/Save Configuration • Reboot • Discovery—Bonjour • Packet Capture • Support Information Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 27: System Settings

    User Name: cisco • Password: cisco You can use the User Accounts page to configure up to four additional users and to change a user password. To add a new user: Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 28 Select Administration > User Accounts in the navigation pane. STEP 1 The User Account Table shows the currently configured users. The user cisco is preconfigured in the system to have Read/Write privileges. All other users can have Read Only Access, but not Read/Write access.

  • Page 29: Time Settings

    If a hostname includes multiple labels, each is separated by a period (.). The entire series of labels and periods can be up to 253 characters long. • Time Zone—Select the time zone for your location. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 30 Daylight Savings Offset—Specify the number of minutes to move the clock forward when daylight savings time begins and backward when it ends. Click Save. The changes are saved to the Startup Configuration. STEP 4 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 31: Log Settings

    (the persistent log) is 128, which is not configurable. Click Save. The changes are saved to the Startup Configuration. STEP 3 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 32 WAP device sends its kernel messages real-time for display to the remote log server monitor, a specified kernel log file, or other storage, depending on your configurations. If you disabled a Remote Log host, clicking Save disables remote logging. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 33: Email Alert

    Scheduled Message Severity—Log messages of this severity level or higher are grouped and sent to the configuration email address at the frequency specified by the Log Duration. Select from these values: None, Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 34 To Email Address 1/2/3—Enter up to three addresses to receive email alerts. Each email address must be valid. • Email Subject—Enter the text to appear in the email subject line. This can be up to a 255 character alphanumeric string. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 35 To: administrator@mailserver.com Subject: log message from AP TIME PriorityProcess Id Message Sep 8 03:48:25 info login[1457] root login on ttyp0 Sep 8 03:48:26 info mini_http-ssl[1175] Max concurrent connections of 20 reached Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 36: Http/Https Service

    • HTTPS Port—The logical port number to use for HTTP connections, from 1025 to 65535. The default port number for HTTP connections is the well- known IANA port number 443. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 37 WAP device. In the Upload SSL Certificate (From PC to Device) area, select HTTP or TFTP for the Upload Method. • For HTTP, browse to the network location, select the file, and click Upload. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 38: Management Access Control

    Enter up to five IPv4 and five IPv6 addresses that will be allowed access. STEP 3 Verify the IP addresses are correct. STEP 4 Click Save. The changes are saved to the Startup Configuration. STEP 5 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 39: Manage Firmware

    To upgrade the firmware on an access point using TFTP: Select Administration > Manage Firmware in the navigation pane. STEP 1 The Product ID (PID VID) and active and inactive firmware versions appear. Select TFTP for Transfer Method. STEP 2 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 40 When the process is complete, the access point restarts and resumes normal operation. To verify that the firmware upgrade completed successfully, log into the user STEP 4 interface, display the Upgrade Firmware page, and view the active firmware version. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 41: Download/Backup Configuration File

    ? , *, and two or more successive periods. For a TFTP backup only, enter the TFTP Server IPv4 Address. STEP 5 Select which configuration file you want to back up: STEP 6 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 42 Click Save to begin the upgrade or backup. For HTTP downloads, a window STEP 6 appears to enable you to browse to select the file to download. When the download is finished, a window indicates success. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 43: Configuration Files Properties

    Select the Source File Name: STEP 2 • Startup Configuration—Configuration file type used when the WAP device last booted. This does not include any configuration changes applied but not yet saved to the WAP device. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 44: Reboot

    Any customized settings are lost. A window appears to enable you to confirm or cancel the reboot. The current management session might be terminated. Click OK to reboot. STEP 3 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 45: Discovery-Bonjour

    The WAP device advertises these service types: • Cisco-specific device description (csco-sb)—This service enables clients to discover Cisco WAP devices and other products deployed in small business networks. • Management user interfaces—This service identifies the management interfaces available on the WAP device (HTTP and SNMP).
  • Page 46 Packets not destined to the WAP device are not forwarded. As soon as the capture is completed, the radio reverts to nonpromiscuous mode operation. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 47 WLAN1:VAP0—VAP0 traffic on Radio 2 (for WAP561 devices only). VAP1 to VAP15, if configured—Traffic on the specified VAP. For WAP561, the interface names are preceded by WLAN0: or WLAN1:, where WLAN0 represents Radio 1 and WLAN1 represents Radio 2. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 48 A Microsoft Windows computer running the Wireshark tool allows you to display, log, and analyze captured traffic. The remote packet capture facility is a standard feature of the Wireshark tool for Windows. Linux version does not work with the WAP device. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 49 IP address, there is a pull-down list for you to select the interfaces. The interface can be one of the following: Linux bridge interface in the wap device --rpcap://[192.168.1.220]:2002/brtrunk Wired LAN interface -- rpcap://[192.168.1.220]:2002/eth0 VAP0 traffic on radio 1 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 50 !(wlan.fc.type_subtype == 8 | | wlan.fc.type == 1) • Data frames only: wlan.fc.type == 2 • Traffic on a specific BSSID: wlan.bssid == 00:02:bc:00:17:d0 • All traffic to and from a specific client: wlan.addr == 00:00:e8:4e:5f:8e Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 51 Enter the TFTP Server Filename to download if different from the default. By STEP 2 default, the captured packets are stored in the folder file /tmp/apcapture.pcap on the WAP device. Specify a TFTP Server IPv4 Address in the field provided. STEP 3 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 52: Support Information

    Information in the navigation pane. Click Download to generate the file based on current system settings. After a short pause, a window appears to enable you to save the file to your computer. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 53: Chapter 4: Lan

    When enabled, the port negotiates with its link partner to set the fastest link speed and duplex mode available. • When disabled, you can manually configure the port speed and duplex mode. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 54: Vlan And Ipv4 Address Settings

    Management VLAN ID—The VLAN associated with the IP address you use to access the WAP device. Provide a number between 1 and 4094 for the Management VLAN ID. The default is 1. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 55: Ipv6 Addresses

    Configure these IPv4 settings: STEP 3 • Connection Type—By default, the DHCP client on the Cisco WAP551 and WAP561 Access Point automatically broadcasts requests for network information. If you want to use a static IP address, you must disable the DHCP client and manually configure the IP address and other network information.
  • Page 56 Blank (no value)—No IP address is assigned or the assigned address is not operational. • IPv6 Autoconfigured Global Addresses—If the WAP device has been assigned one or more IPv6 addresses automatically, the addresses are listed. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 57: Ipv6 Tunnel

    IPv6 Tunnel The WAP551 and WAP561 devices support the Intra-Site Automatic Tunnel Addressing Protocol (ISATAP). ISATAP enables the WAP device to transmit IPv6 packets encapsulated within IPv4 packets over the LAN. The protocol enables the WAP device to communicate with remote IPv6-capable hosts even when the LAN that connects them does not support IPv6.
  • Page 58 When the tunnel is established, the ISATAP IPv6 Link Local Address and ISATAP IPv6 Global Address show on the page. These are the virtual IPv6 interface addresses to the IPv4 network. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 59: Chapter 5: Wireless

    Radio settings directly control the behavior of the radio in the WAP device and its interaction with the physical medium; that is, how and what type of signal the WAP device emits. To configure radio settings: Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 60 Also, for the dual-radio WAP561, Radio 1 supports either the 2.4 GHz (the default selection) or 5 GHz band, but Radio 2 supports the 5 GHz band only. The single radio on the WAP551 device supports either band.
  • Page 61 Reducing the guard interval can yield a 10 percent improvement in data throughput. The client with which the WAP device is communicating must also support the short guard interval. Select one of these options: Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 62 10, clients check on every 10th beacon. • Fragmentation Threshold—The frame size threshold in bytes. The valid integer must be even and in the range of 256 to 2346. The default is 2346. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 63 WAP device at any one time. You can enter an integer between 0 and 200. The default is 200 stations.Therefore, the single- radio WAP551 device can support up to 200 clients, whereas the dual-radio WAP561 device can support up to 400 clients total.
  • Page 64 802. 1 1n wireless clients. Check the box below the MCS index number to enable it or uncheck it to disable the index. You cannot disable all indexes at the same time. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 65 WAP device before sending or receiving a voice traffic stream. The WAP device responds with the result of the request, which includes the allotted medium time if the TSPEC was admitted. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 66 TSPEC Legacy WMM Queue Map Mode—Enables or disables the intermixing of legacy traffic on queues operating as ACM. By default, this mode is off. Click Save. The changes are saved to the Startup Configuration. STEP 6 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 67: Rogue Ap Detection

    AP to the Trusted AP List. If the AP is in the Trusted AP list, you can click Untrust to move the AP to the Detected Rogue AP List. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 68 IEEE 802. 1 1a, IEEE 802. 1 1b, IEEE 802. 1 1g.) The number shown indicates the mode: 2.4 indicates IEEE 802. 1 1b, 802. 1 1g, or 802. 1 1n mode (or a combination of the modes). Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 69 You can import a list of known APs from a saved list. The list might be acquired from another AP or created from a text file. If the MAC address of an AP appears in the Trusted AP List, it is not detected as a rogue. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 70: Networks

    VAP. SSID broadcast is enabled by default. The default SSID for VAP0 is ciscosb. Every additional VAP created has a blank SSID name. The SSIDs for all VAPs can be configured to other values. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 71 Each VAP is associated with a VLAN, which is identified by a VLAN ID (VID). A VID can be any value from 1 to 4094, inclusive. The WAP551 and WAP561 devices support 17 active VLANs (16 for WLAN plus one management VLAN).
  • Page 72 • Security—The type of authentication required for access to the VAP: None Static WEP Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 73 After new settings are saved, the corresponding processes may be stopped and CAUTION restarted. When this happens, the WAP device may lose connectivity. We recommend that you change WAP device settings when a loss of connectivity will least affect your wireless clients. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 74 WEP Keys—You can specify up to four WEP keys. In each text box, enter a string of characters for each key. The keys you enter depend on the key type selected: Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 75 WAP device. Also, client stations configured to use WEP as an open system (shared key mode not enabled) can associate with the WAP device even if they do not have the correct WEP key. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 76 You can use any of a variety of authentication methods that the IEEE 802. 1 X mode supports, including certificates, Kerberos, and public key authentication. You must configure the client stations to use the same authentication method the WAP device uses. These parameters configure Dynamic WEP: Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 77 Key 2 to Key 4—The RADIUS key associated with the configured backup RADIUS servers. The server at Server IP (IPv6) Address 2 uses Key 2, the server at Server IP (IPv6) Address 3 uses Key 3, and so on. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 78 WPA and WPA2 client stations associate and authenticate, but uses the more robust WPA2 for clients who support it. This WPA configuration allows more interoperability in place of some security. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 79 • WPA Versions—The types of client stations to be supported: WPA—If all client stations on the network support the original WPA but none support the newer WPA2, and then select WPA. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 80 RADIUS settings that you define for the WAP device (see RADIUS Server). However, you can configure each VAP to use a different set of RADIUS servers. To use the global RADIUS server settings, make sure the check box is selected. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 81 Broadcast Key Refresh Rate—The interval at which the broadcast (group) key is refreshed for clients associated with this VAP. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 82: Scheduler

    Status—The operational status of the Scheduler. The range is Up or Down. The default is Down. • Reason—The reason for the scheduler operational status. Possible values are: IsActive—The scheduler is administratively enabled. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 83 A Scheduler profile must be associated with a radio interface or a VAP interface to NOTE be in effect. See the Scheduler Association page. To delete a rule, select the profile from the Profile Name column and click Delete. NOTE Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 84: Scheduler Association

    If bandwidth utilization is enabled, in the Maximum Utilization Threshold box, STEP 3 enter the percentage of network bandwidth utilization allowed on the radio before the WAP device stops accepting new client associations. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 85: Mac Filtering

    The filter setting also applies to the MAC filtering list stored on the NOTE RADIUS server, if one exists. In the MAC Address field, enter the MAC address to allow or block and click Add. STEP 3 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 86: Wds Bridge

    MAC entry. WDS Bridge The Wireless Distribution System (WDS) allows you to connect multiple WAP551 and WAP561 devices. With WDS, access points communicate with one another without wires. This capability is critical in providing a seamless experience for roaming clients and for managing multiple wireless networks.
  • Page 87 Before you configure WDS on the WAP device, note these guidelines: • WDS only works with Cisco WAP551 and Cisco WAP561 devices. • All Cisco WAP devices participating in a WDS link must have the following identical settings: Radio IEEE 802. 1 1 Mode...
  • Page 88 You can verify that the bridge link is up by going to the Status and Statistics > Network Interface page. In the Interface Status table, the WLAN0:WDS(x) status should state Up. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 89 The WPA-PSK key is a string of at least 8 characters to a maximum of 63 characters. Acceptable characters include uppercase and lowercase alphabetic letters, the numeric digits, and special symbols such as @ and #. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 90: Workgroup Bridge

    WAP device. WDS is a better solution and is preferred over the WorkGroup Bridge solution. Use WDS if you are bridging Cisco WAP121, WAP321, WAP551, and WAP561 devices. If you are not, then consider WorkGroup Bridge. When the WorkGroup Bridge feature is enabled, the VAP configurations are not applied;...
  • Page 91 AP Detection (which is also disabled by default). • Security—The type of security to use for authenticating as a client station on the upstream WAP device. Choices are: None Static WEP WPA Personal Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 92 MAC address list on a RADIUS server. If you select Local or RADIUS, see MAC Filtering for instructions on creating the MAC filter list. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 93: Quality Of Service

    WiFi Alliance default values, which are best for general, mixed traffic. • Optimized for Voice—Populates the WAP device and Station EDCA parameters with values that are best for voice traffic. • Custom—Enables you to choose custom EDCA parameters. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 94 Maximum Contention Window—The upper limit (in milliseconds) for the doubling of the random backoff value. This doubling continues until either the data frame is sent or the Maximum Contention Window size is reached. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 95 APSD, which is a power management method. APSD is recommended if VoIP phones access the network through the WAP device. Click Save. The changes are saved to the Startup Configuration. STEP 5 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 96: Wps Setup

    WAP device. During a brief exchange of WPS protocol messages, the WAP device supplies the new client with a new security configuration through Extensible Authentication Protocol (EAP). Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 97 • Enrollee—A device that can join the wireless network. • AP—A device that provides wireless access to the network. • Registrar—An entity that issues security credentials to enrollees and configures APs. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 98 WPS. Push-button Control The WAP device enrolls 802. 1 1 clients through WPS by one of two methods: the Push-Button Control (PBC) method, or the Personal Identification Number (PIN) method. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 99 WAP device with an enabled built-in registrar pushes a similar (hardware or software) button. This sequence begins the enrollment process, and the client device joins the network. Although the Cisco WAP devices do not support an actual hardware button, the administrator can initiate the enrollment for a particular VAP using a software button in the web- based configuration utility.
  • Page 100 WAP device with an ER by: Entering the ER PIN on the WAP device. STEP 1 Entering the WAP device PIN on the user interface of the ER. STEP 2 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 101 VAP on the network. The WAP device supports one instance only. Configure the global parameters: STEP 2 • Supported WPS Version—The WPS protocol version that the WAP device supports. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 102 Configured. Configured—VAP settings are not configured by the external registrar and will retain the existing configuration. Click Save. The changes are saved to the Startup Configuration. STEP 4 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 103: Wps Process

    Enter the PIN of the client in the PIN Enrollment text box and click Start. STEP 3 Apart from WPS-compliant eight-digit device PIN (which may contain leading NOTE zeroes), “stop” can also be entered in the PIN Enrollment box to stop the enrollment. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 104 WPS-enabled BSS. The Instance Status section shows the following information about the WPS instance selected in the WPS Instance ID list: • WPS Status—Whether the selected WPS instance is enabled or disabled. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 105 If the field is set to Configured, then these values are configured by the administrator. You can click Refresh to update the page with the most recent status information. NOTE Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 106: Chapter 6: System Security

    In addition to using the global RADIUS servers, you can also configure each VAP to NOTE use a specific set of RADIUS servers. See the Networks page. To configure global RADIUS servers: Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 107 If you enable RADIUS accounting, it is enabled for the primary RADIUS server and all backup servers. Click Save. The changes are saved to the Startup Configuration. STEP 3 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 108: 802.1X Supplicant

    802. 1 X authenticator. The username can be 1 to 64 characters long. ASCII-printable characters are allowed, which includes uppercase and lowercase alphabetic letters, numeric digits, and all special characters except quotation marks. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 109 <, >, |, \, : , (, ), &, ; , #, ? , *, and two or more successive periods. Click Upload. STEP 3 A confirmation window appears, followed by a progress bar to indicate the status of the upload. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 110: Password Complexity

    Password Aging Time—The number of days before a newly created password expires, from 1 to 365. The default is 180 days. Click Save. The changes are saved to the Startup Configuration. STEP 4 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 111: Wpa-Psk Complexity

    8 to 16. The default is 8. Check the box to make the field editable and to activate this requirement. Click Save. The changes are saved to the Startup Configuration. STEP 4 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 112: Chapter 7: Client Quality Of Service

    ACLs are a collection of permit and deny conditions, called rules, that provide security by blocking unauthorized users and allowing authorized users to access specific resources. ACLs can block any unwarranted attempts to reach network resources. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 113 These steps give a detailed description of how to configure ACLs: Select Client QoS > ACL in the navigation pane. STEP 1 Enter these parameters to create a new ACL: STEP 2 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 114 ACL, traffic that is not explicitly permitted is dropped. • Match Every Packet—If selected, the rule, which either has a permit or deny action, matches the frame or packet regardless of its contents. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 115 Match to Port—The IANA port number to match to the source port identified in the datagram header. The port range is 0 to 65535 and includes three different types of ports: Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 116 IP DSCP—Matches packets based on their IP DSCP value. If you select IP DSCP, choose one of these options as the match criteria: Select From List—DSCP Assured Forwarding (AS), Class of Service (CS), or Expedited Forwarding (EF) values. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 117 Source Port—Select this option to include a source port in the match condition for the rule. The source port is identified in the datagram header. If selected, choose the port name or enter the port number. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 118 Ethernet frame. • Source MAC Mask—Select this field and enter the source MAC address mask specifying which bits in the source MAC to compare against an Ethernet frame. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 119: Class Map

    Best-effort service implies that the network delivers the data in a timely fashion, although there is no guarantee that it will. During times of congestion, packets may be delayed, sent sporadically, or dropped. For typical Internet Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 120 To configure a class map: Select the class map from the Class Map Name list. STEP 1 Configure the parameters (parameters that appear only for IPv4 or IPv6 class STEP 2 maps are noted): Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 121 Destination IP Mask (IPv4 only)—The destination IP address mask. The mask for DiffServ is a network-style bit mask in IP dotted decimal format indicating which part(s) of the destination IP address to use for matching against packet content. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 122 Match to Port—Matches the destination port in the datagram header with an IANA port number that you specify. The port range is from 0 to 65535 and includes three different types of ports: Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 123 MAC address, a MAC mask of 00:00:00:00:ff:ff is used. A MAC mask of 00:00:00:00:00:00 checks all address bits and is used to match a single MAC address. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 124: Policy Map

    The WAP device supports up to 50 policy maps. A policy map can contain up to 10 class maps. To add and configure a policy map: Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 125 IP DSCP value you select from the list or specify. Select from List—A list of DSCP types. Match to Value—A DSCP value that you specify. The value is an integer between 0 to 63. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 126: Client Qos Association

    From the VAP list, select the VAP on which you want to configure client QoS STEP 3 parameters. Select Enable for the Client QoS Global to enable this feature. STEP 4 Configure these parameters for the selected VAP: STEP 5 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 127 WAP device in the outbound (WAP-to-client) direction. • DiffServ Policy Up—The name of the DiffServ policy applied to traffic sent to the WAP device in the inbound (client-to-WAP) direction. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 128: Client Qos Status

    When a packet or frame is received by the WAP, the ACL rules are checked for a match. The packet or frame is processed if it is permitted and discarded if it is denied. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 129 DiffServ Policy Up—The name of the DiffServ policy applied to traffic sent to the WAP device in the inbound (client-to-WAP) direction. • DiffServ Policy Down—The name of the DiffServ policy applied to traffic from the WAP device in the outbound (WAP-to-client) direction. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 130: Chapter 8: Simple Network Management Protocol

    1025 to 65535. Configure the SNMPv2 settings: STEP 4 • Read-only Community—A read-only community name for SNMPv2 access. The valid range is 1 to 256 alphanumeric and special characters. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 131 Given the example above, the machines with addresses from 192. 1 68. 1 . 1 through 192. 1 68. 1 .254 can execute SNMP commands on the device. (The address identified by suffix .0 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 132 After new settings are saved, the corresponding processes may be stopped and NOTE restarted. When this happens, the WAP device may lose connectivity. We recommend that you change WAP device settings when a loss of connectivity will least affect your wireless clients. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 133: Views

    (.) or a colon (:). Only hex characters are accepted in this field. For example, OID mask FA.80 is 11111010. 1 0000000. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 134: Groups

    MIB view. The default groups RO and RW cannot be deleted. NOTE The WAP device supports a maximum of eight groups. NOTE To add and configure an SNMP group: Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 135 Click Save. The group is added to the SNMPv3 Groups list and your changes are STEP 5 saved to the Startup Configuration. To remove a group, select the group in the list and click Delete. NOTE Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 136: Users

    Encryption Type—The type of privacy to use on SNMP requests from the user, which can be one of these options: DES—Use DES encryption on SNMPv3 requests from the user. None—SNMPv3 requests from this user require no privacy. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 137: Targets

    Users—Enter the name of the SNMP user to associate with the target. To configure SNMP users, see the Users page. Click Save. The user is added to the SNMPv3 Targets list and your changes are STEP 5 saved to the Startup Configuration. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 138 Simple Network Management Protocol Targets To remove an SMMP target, select the user in the list and click Delete. NOTE Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 139: Chapter 9: Captive Portal

    You can configure CP verification to allow access for both guest and authenticated users. The Captive Portal feature is available on the WAP5xx devices and the Cisco NOTE WAP321 device.

  • Page 140: Captive Portal Global Configuration

    User Count—The number of CP users currently configured on the WAP device. Up to 128 users can be configured. Click Save. The changes are saved to the Startup Configuration. STEP 3 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 141: Instance Configuration

    Verification—The authentication method for CP to use to verify clients: Guest—The user does not need to be authenticated by a database. Local—The WAP device uses a local database to authenticated users. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 142 IPv4 and IPv6 RADIUS address settings, but the WAP device contacts only the RADIUS server or servers of the address type you select in this field. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 143 CP instance from the Web Customization page. • Delete Instance—Deletes the current instance. Click Save. Your changes are saved to the Startup Configuration. STEP 6 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 144: Instance Association

    Enter a Web Locale Name to assign to the page. The name can include from 1 to STEP 3 32 alphanumeric characters and the underscore. From the Captive Portal Instances list, select the CP instance that this locale is STEP 4 associated with. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 145 • Locale—An abbreviation for the locale, from 1 to 32 characters. The default is en. • Account Image—The image file to show above the login field to depict an authenticated login. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 146 Acceptance Use Policy check box. The range is from 1 to 128 characters. The default is Error: You must acknowledge the Acceptance Use Policy before connecting! Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 147 Image Type Default Width by Height Background Shows as the page background. 10 by 800 pixels Logo Shows at top left of page to provide 168 by 78 pixels branding information. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 148: Local Groups

    The group facilitates managing the assignment of users to CP instances. The user group named Default is built-in and cannot be deleted. You can create up to two additional user groups. To add local user groups: Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 149: Local Users

    AP. If the time specified in this field expires before the client attempts to reauthenticate, the client entry is removed from the authenticated client list. The range is from 0 to 1440 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 150: Authenticated Clients

    HTTPS). • Verification—The method used to authenticate the user on the Captive Portal, which can be one of these values: Guest—The user does not need to be authenticated by a database. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 151: Failed Authentication Clients

    VAP ID—The VAP that the user is associated with. • Radio ID—The ID of the radio. For the single-radio WAP551 device, this field shows Radio 1. For the dual radio WAP561 device, this field shows Radio 1 or Radio 2.
  • Page 152 VAP ID—The VAP that the user is associated with. • Radio ID—The ID of the radio. For the single-radio WAP551 device, this field shows Radio 1. For the dual radio WAP561 device, this field shows Radio 1 or Radio 2.

  • Page 153: Chapter 10: Single Point Setup

    Single Point Setup creates a dynamic, configuration-aware cluster, or group, of WAP devices in the same subnet of a network. A cluster supports a group of up to 16 configured WAP551 and WAP561 devices, but no other models in the same cluster.
  • Page 154 Plan your Single Point Setup cluster. Be sure the two or more WAP devices you STEP 1 want to cluster are compatible with each other. For example, Cisco WAP551 devices can only cluster with other Cisco WAP551 or WAP561 devices.
  • Page 155 If there are configuration changes in both the disconnected device and the cluster, then the device with the greatest number of changes and, Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 156 Captive Portal Password Complexity Client QoS User Accounts Email Alert HTTP/HTTPs Service (Except SSL Certificate Radio Settings Including Configuration) TSpec Settings (Some exceptions) Log Settings Rogue AP Detection MAC Filtering Scheduler Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 157 Broadcast or Multicast Rate Limiting Channel Bandwidth Short Guard Interval Supported Radio Configuration Settings and Parameters that are Not Propagated in Single Point Setup Channel Beacon Interval DTIM Period Maximum Stations Transmit Power Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 158: Access Points

    Location—Enter a description of where the access point is physically located, for example, Reception. The location field is optional. • Cluster Name—Enter the name of the cluster for the WAP device to join, for example Reception_Cluster. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 159 The address is the MAC address for the bridge (br0), and is the address by which the WAP device is known externally to other networks. • IP Address—The IP address for the access point. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 160 In this case, you can click the IP address in the table on the Access Points page to show the web-based configuration utility for the particular access point. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 161: Sessions

    AP Location—The location of the access point. The location is derived from the location specified on the Administration > System Settings page. • User MAC—The MAC address of the wireless client. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 162: Channel Management

    WAP devices in a Single Point Setup cluster. Automatic channel assignment reduces mutual interference (or interference with other WAP devices outside of its cluster) and maximizes Wi-Fi bandwidth to help maintain efficient communication over the wireless network. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 163 Auto option is not available for the Channel field on the Wireless > Radio page. See Viewing Channel Assignments and Setting Locks for information on the current and proposed channel assignments. To stop automatic channel assignment, click Stop. STEP 3 Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 164 WAP devices that are not locked may be assigned to different channels than they were previously using, depending on the results of the plan. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 165 The default is one hour, meaning that channel usage is reassessed and the resulting channel plan is applied every hour. If you change these settings, click Save. The changes are saved to the active configuration and the Startup Configuration. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 166: Wireless Neighborhood

    Cluster—The list at the top of the table shows IP addresses for all WAP devices that are clustered together. (This list is the same as the members list on the Single Point Setup > Access Points page.) Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 167 To view details on a cluster member, click the IP address of a member at the top of the page. The following details for the device appear below the Neighbors list. • SSID—The Service Set Identifier for the neighboring access point. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 168 Signal—The strength of the radio signal detected from the access point, measured in decibels (dB). • Beacon Interval—The beacon interval used by the access point. • Beacon Age—The date and time of the last beacon received from this access point. Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 169: Chapter A: Deauthentication Message Reason Codes

    Disassociated because WAP device is unable to handle all currently associated STAs Class 2 frame received from nonauthenticated STA Class 3 frame received from nonassociated STA Disassociated because sending STA is leaving or has left Basic Service Set (BSS) Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 170 Request/Probe Response/Beacon frame Invalid group cipher Invalid pairwise cipher Invalid AKMP Unsupported RSNE version Invalid RSNE capabilities IEEE 802. 1 X authentication failed Cipher suite rejected because of the security policy Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...

  • Page 171: Appendix B: Where To Go From Here

    Where to Go From Here Cisco provides a wide range of resources to help you and your customer obtain the full benefits of the Cisco WAP551 and WAP561 Access Point. Support Cisco Small Business www.cisco.com/go/smallbizsupport Support Community Cisco Small Business www.cisco.com/go/smallbizhelp...
  • Page 172 Where to Go From Here Cisco Small Business Cisco Partner Central for www.cisco.com/web/partners/sell/smb Small Business (Partner Login Required) Cisco Small Business www.cisco.com/smb Home Cisco Small Business WAP551 and WAP561 Wireless-N Access Point...
  • Page 173 Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.

This manual is also suitable for:

Small business wap561

Table of Contents