Using The Cli To Disable Coverage Hole Detection On A Wlan; Configuring Nac Out-Of-Band Integration - Cisco 2100 Series Configuration Manual


Chapter 6
Configuring WLANs
Wireless Device Access
Step 5
Click Apply to commit your changes.
Step 6
Click Save Configuration to save your changes.

Using the CLI to Disable Coverage Hole Detection on a WLAN

Using the controller CLI, follow these steps to disable coverage hole detection on a WLAN.
Step 1
To disable coverage hole detection on a WLAN, enter this command:
config wlan chd wlan_id disable
Step 2
To save your settings, enter this command:
save config
Step 3
To see the coverage hole detection status for a particular WLAN, enter this command:
show wlan wlan_id
Information similar to the following appears:
WLAN Identifier.................................. 2
Profile Name..................................... wlan2
Network Name (SSID).............................. 2
. . .
CHD per WLAN.................................. Disabled

Configuring NAC Out-of-Band Integration

The Cisco NAC Appliance, also known as Cisco Clean Access (CCA), is a network admission control
(NAC) product that allows network administrators to authenticate, authorize, evaluate, and remediate
wired, wireless, and remote users and their machines prior to allowing users onto the network. It
identifies whether machines are compliant with security policies and repairs vulnerabilities before
permitting access to the network. The NAC appliance is available in two modes: in-band and
out-of-band. Customers can deploy both modes if desired, each geared toward certain types of access
(in-band for supporting wireless users and out-of-band for supporting wired users, for example).
In controller software releases prior to 5.1, the controller integrates with the NAC appliance only in
in-band mode, where the NAC appliance must remain in the data path. For in-band mode, a NAC
appliance is required at each authentication location (such as at each branch or for each controller), and
all traffic must traverse the NAC enforcement point. In controller software release 5.1 or later, the
controller can integrate with the NAC appliance in out-of-band mode, where the NAC appliance remains
in the data path only until clients have been analyzed and cleaned. Out-of-band mode reduces the traffic
load on the NAC appliance and enables centralized NAC processing.
To implement the NAC out-of-band feature on the controller, you need to enable NAC support on the
WLAN or guest LAN and then map this WLAN or guest LAN to an interface that is configured with a
quarantine VLAN (untrusted VLAN) and an access VLAN (trusted VLAN). When a client associates
and completes Layer 2 authentication, the client obtains an IP address from the access VLAN subnet,
but the client state is Quarantine. While deploying the NAC out-of-band feature, be sure that the
quarantine VLAN is allowed only between the Layer 2 switch on which the controller is connected and
the NAC appliance and that the NAC appliance is configured with a unique quarantine-to-access VLAN
mapping. Client traffic passes into the quarantine VLAN, which is trunked to the NAC appliance. After
OL-17037-01
Cisco Wireless LAN Controller Configuration Guide
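
The NAC out-of-band paragraph above requires that the quarantine VLAN be allowed only between the controller's Layer 2 switch and the NAC appliance; one way to check that against a switch configuration is sketched here. This is an added example, not from the Cisco guide: the IOS-style config text, the port names, VLAN 110 and the approved-port set are constructed assumptions.

```python
import re

# Constructed IOS-style switch config; port names and VLAN IDs are assumptions.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport mode trunk
 switchport trunk allowed vlan 10,110
interface GigabitEthernet1/0/2
 switchport mode trunk
 switchport trunk allowed vlan 110
interface GigabitEthernet1/0/3
 switchport mode trunk
 switchport trunk allowed vlan 10,100-120
interface GigabitEthernet1/0/4
 switchport mode trunk
interface GigabitEthernet1/0/5
 switchport mode access
 switchport access vlan 10
"""

def expand_vlans(spec):
    """Turn a list such as '10,100-120' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def ports_carrying(config, vlan):
    """Return the interfaces on which `vlan` can appear."""
    hits = []
    for block in re.split(r"\n(?=interface )", config):
        if not block.startswith("interface "):
            continue
        name = block.split()[1]
        access = re.search(r"switchport access vlan (\d+)", block)
        allowed = re.search(r"switchport trunk allowed vlan ([\d,-]+)", block)
        if "switchport mode trunk" in block:
            # A trunk with no allowed list carries every VLAN, ranges included.
            if allowed is None or vlan in expand_vlans(allowed.group(1)):
                hits.append(name)
        elif access and int(access.group(1)) == vlan:
            hits.append(name)
    return hits

def quarantine_leaks(config, quarantine_vlan, approved_ports):
    """Ports carrying the quarantine VLAN that are not controller- or NAC-facing."""
    return [p for p in ports_carrying(config, quarantine_vlan) if p not in approved_ports]
```

With ports 1/0/1 (controller-facing) and 1/0/2 (NAC-facing) approved, the check flags 1/0/3, whose range 100-120 includes VLAN 110, and 1/0/4, an unpruned trunk.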


This manual is also suitable for:

4400 series
