Page 1
Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide First Published: 2016-11-23 Last Modified: 2019-07-09 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883...
Page 2
Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com...
TFTP Upgrade Reboot Schedule Reboot Configuration Management Backup Configuration Files Download Configuration Files Copying Configuration Files Clearing Configuration Files C H A P T E R 3 System Configuration Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Page 6
Management System Settings Connect Session Settings/HTTP/HTTPS Service SSL Certificate File Status SNMP / SNMPv2c Settings SNMPv3 Views SNMPv3 Groups SNMPv3 Users SNMPv3 Targets Plug and Play (PnP) Security Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Page 7
Configuring WDS Bridge WPA/PSK on WDS Links WorkGroup Bridge C H A P T E R 6 Fast Roaming Fast Roaming Configuring Fast Roaming Configuring Remote Key Holder List Profiles Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Page 8
QoS Association Guest Access Guest Access Instance Table Guest Group Table Guest User Account Web Portal Customization C H A P T E R 9 Cisco Umbrella Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide viii...
Page 9
DeAuthentication Message Reason Codes Deauthentication Message Reason Codes Deauthentication Reason Code Table A P P E N D I X B Where to Go from Here Where to Go from Here Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Page 10
Contents Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
The IP address can also be specified as the subnet IP address so that all subnet addresses, are added to the local intranet zone. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
2. Locate the IP address of the WAP device. 1. The WAP device can be accessed and managed by using the Cisco FindIT Network Discovery Utility. This utility enables you to automatically discover all supported Cisco devices in the same local network segment as your computer.
Page 13
Time, on page Step 11 Click Next. The Configure Device - Set Password window appears. Step 12 Enter a New Password and enter it again in the Confirm Password field. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Access Point Setup Wizard with mobile style appears. This helps you perform the initial configurations. To configure the Access Point using the wizard, complete the following steps: Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Page 15
Point with this SSID and the pre-shared key, cisco123. Launch a browser and enter an arbitrary IP address or a domain name. A web page with login fields is displayed. Enter the default user name and password: cisco. Click Log In. The Access Point Setup Wizard is displayed.
• Remote IP Address — The IP address of a remote host using this service. All indicates that the service is available to all remote hosts that access the system. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Ethernet (PoE) which includes two power supply modes of 802.3.af and 802.3at from a Power Sourcing Equipment (PSE). When power source is insufficient (802.3af), the WAP device retains the following configuration information. • The Radio1(5GHZ) is disabled. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
View System Log, on page 27 Traffic Statistics Traffic Statistics, on page 108 For additional information on the device, you can access the product support page or the Cisco Support Community by: Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
The following table describes the commonly used buttons that appear on various pages in the system: Button Description Name Adds a new entry to a table or database. Cancel Cancels a change made to the page. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Page 20
Edits an existing entry. Refresh Refreshes the current page with the latest data. Apply Applies/Saves the settings or configuration. Update Updates the new information to the startup configuration. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Select Administration > Firmware. The product ID (PID VID), active and inactive firmware version are displayed. Step 2 Click Swap Images. A dialog box appears confirming the firmware image switch and subsequent reboot. Step 3 Click Yes to proceed. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Step 4 To verify that the firmware upgrade completed successfully, log into the configuration utility, open the Upgrade Firmware page, and view the active firmware version. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Startup Configuration. The Mirror Configuration is preserved across factory resets, so it can be used to recover a system configuration after a factory reset by copying the Mirror Configuration to the Startup Configuration. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
For a TFTP backup, enter the Configuration Filename with an.xml extension. Also include the path where the file is to be stored on the server and then enter the TFTP Server IPv4 Address. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
• Static IP—Manually configure the IPv4 address. The IPv4 address should be in a form similar to xxx.xxx.xxx.xxx (192.168.1.100). • Static IP Address, Subnet Mask, and Default Gateway—Enter the static IP address, subnet mask and default gateway. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
DHCP Server for DHCP requests. Note Configuration upload operation by User/Cisco overrides the Auto Configuration so that the chosen configuration file is given preference. In any other cases of rebooting the AP such as firmware upgrade or reboot operations, existing Auto Configuration settings will be effective.
• Default IPv6 Gateway —The statically configured default IPv6 gateway. • IPv6 Domain Name Servers — Select one of the following options: • Dynamic — The DNS servers are recognized dynamically through the DHCPv6. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
This is the default mode. Note WAP581 supports static LAG and does not support the LACP. Ensure that the LAG works with WAP581 device. This helps the user to switch the LAG from the default mode to the others. The Port Settings Table includes the following status and configurations for an Interface (LAN): •...
Spanning Tree Protocol In the Spanning Tree Protocol mode, the Enable checkbox is checked by default to enable the STP mode on the Cisco WAP device. When enabled, STP helps prevent switching loops. STP is recommended if you configure the WDS links.
The system administrator can view the Bonjour enabled WAP’s using the latest Internet Explorer plug-in (Cisco FindIT tool). All WAP devices present in a cluster, are shown under the cluster name after the Bonjour discovery process. The administrator should ensure that the name of the cluster is unique within a network.
The current system time appears at the top of the page, along with the System Clock Source option. Automatically Acquiring the Time Settings through NTP To automatically acquire the time settings from a NTP server, follow these steps: Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
• Ends — Select the week, day, month, and time when daylight savings time ends. • Daylight Saving Offset — Specify the number of minutes to move the clock forward when daylight savings time begins and backward when it ends. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Only enable persistent logging to debug a problem. Make sure that you disable persistent logging after you finish debugging the problem. Configuring the Persistent Log Step 1 Select Notification > Log Settings. Step 2 Configure these parameters: Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Using the default port is recommended. If you reconfigure the log port, make sure that the port number that you assign to syslog is available for use. Step 3 Click Apply. The changes are saved to the Startup Configuration. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Select Notification > Email Alert. Step 2 In the Email Alert area, configure the following parameters: • Administrative Mode — Check Enable to enable the email alert feature. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
• Email Subject — Enter the text to appear in the email subject line. This can be up to a 255-character alphanumeric string. Step 5 Click Apply. Email Alert Examples The following example shows how to fill in the Mail Server Configuration parameters: Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Step 1 Select System Configuration > User Accounts. The User Account Table shows the currently configured users. The user cisco is preconfigured in the system and has Read/Write privileges. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Step 1 Select System Configuration > User Accounts. The User Account Table shows the currently configured users. The user cisco is preconfigured in the system to have Read/Write privileges. The password for the user cisco can be changed. Step 2 Select the user to configure and click Edit.
• HTTP Service — Enable or disable access through HTTP. By default, HTTP access is disabled. If you disable it, any current connections using that protocol are disconnected. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
In the Transfer SSL Certificate from (Device to PC) area, select HTTP/HTTPS or TFTP as the download option and click Transfer. • If you select HTTP/HTTPS, confirm the download and then browse to the location to save the file on your network. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
• User Defined — The set of user defined SNMP requests that are permitted. • NMS IPv4 Address/Name — Enter the IPv4 IP address, DNS host name, or subnet of the network management system (NMS). Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
This section summarizes the critical guidelines for the SNMPv3 view configuration. Please read all the notes before proceeding. Note A MIB view called all is created by default in the system. This view contains all management objects supported by the system. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
• RW — A read/write group using authentication and data encryption. Users in this group use the MD5 key or password for authentication and a DES key or AES128 for encryption. The SHA, DES and AES128 Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
To delete a group, check the group in the list and click Delete. To edit a group, check the group in the list and click Edit. SNMPv3 Users Use the SNMP Users table to define users, associate a security level to each user, and configure the security keys per user. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Informs are sent, not traps. For SNMP versions 1 and 2, the traps are sent. Each target is defined with a target IP address, UDP port, and SNMPv3 user name. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Edit. Plug and Play (PnP) Cisco Open Plug-n-Play (PnP) agent is a software application running on a Cisco SMB device. When a device is powered on, the Open Plug-n-Play agent discovery process, which is embedded in the device, attempts to discover the address of the Open Plug-n-Play server which helps automate the process of deploying and provisioning new devices into the network.
1 to 64 standard alphanumeric and special characters. The key is case sensitive and must match the key configured on the RADIUS server. The text that you enter appears as asterisks. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
If you selected TFTP, enter the Filename and the TFTP Server IPv4 Address. d) Click Upload. A confirmation window appears, followed by a progress bar to indicate the status of the upload. Step 5 Click Apply. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
• SSID — The Service Set Identifier (SSID) for the WAP device. • Privacy — Indicates whether there is any security on the rogue device. The options are: • Off — Security mode is off (no security). Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
The list contains the MAC addresses of all APs that have been added to the Trusted AP List. By default, the filename is Rogue1.cfg. You can use a text editor or web browser to open the file and view its contents. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
• Maximum Password Length — The maximum password character length is a range from 64 to 127. The default is 64. • Minimum Password Length — The minimum password character length is a range from 0 to 32. The default is 8. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
• Minimum WPA-PSK Length — Enter a key length value. The minimum key length in number of characters is from 8 to 16. The default is 8. Step 4 Click Apply. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
• 802.11a — 802.11a clients can connect to the WAP device. • 802.11a/n/ac — 802.11a clients, 802.11n, and 802.11ac clients operating in the 5-GHz frequency can connect to the WAP device. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Page 56
For radios in the 5 GHz band, when DFS support is on and the regulatory domain requires radar detection on the channel, the Dynamic Frequency Selection (DFS) and Transmit Power Control (TPC) features of 802.11h are activated. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Page 57
WAP device awaiting pickup. The DTIM period indicates how often the clients served by this WAP device should check for buffered data awaiting pickup. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Page 58
• Fixed Multicast Rate — The transmission rate in Mbps for broadcast and multicast packets. This setting can be useful in an environment where the wireless multicast video streaming occurs, provided the wireless clients are capable of handling the configured rate. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Page 59
• On — The WAP device handles TSPEC requests according to the TSPEC settings that you configure on the Radio page. • Off — The WAP device ignores TSPEC requests from client stations. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Each VAP is identified by a user-configured Service Set Identifier (SSID). Multiple VAPs cannot have the same SSID name. SSID broadcasts can be enabled or disabled independently on each VAP. SSID broadcast is enabled by default. SSID Naming Conventions Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Each VAP is associated with a VLAN, and is identified by a VLAN ID (VID). A VID can be any value from 1 to 4094, inclusive. The WAP581 device supports 33 active VLANs (32 for WLAN plus one management VLAN).
Page 62
• It is configured on a per-VAP basis and needs to be enabled on both the radios. • It is not encouraged on the VAPs with time-sensitive voice or video traffic. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
• WPA-TKIP — This network has client stations that only support the original WPA and TKIP security protocol. Note that selecting the WPA-TKIP only is not allowed as per the latest Wi-Fi Alliance requirements. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Page 64
The WPA Enterprise with RADIUS is an implementation of the Wi-Fi Alliance IEEE 802.11i standard, which includes CCMP (AES), and TKIP encryption. The Enterprise mode requires the use of a RADIUS server to authenticate the users. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Page 65
Check this option to use the global RADIUS server settings, or uncheck this option to use a separate RADIUS server for the VAP and enter the RADIUS server IP address and key in the appropriate fields. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
MAC addresses on the list, or to deny access only to addresses on the list. Up to 512 Client addresses can be added to the filter list. To configure the Client filter follow these steps: Step 1 Select Wireless > Client Filter. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
The WAP device supports up to 16 profiles. Only valid rules are added to the profile. Up to 16 rules are grouped together to form a scheduling profile. Periodic time entries belonging to the same profile cannot overlap. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
• Start Time (24hh:mm)— Set the time when the radio or VAP is enabled. The time is in hh:mm 24-hour format. The range is <00-23>:<00-59>. The default is 00:00. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
• Data 1 (Video) — High priority queue, with minimum delay. Time-sensitive video data is automatically sent to this queue. • Data 2 (Best Effort) — Medium priority queue, with medium throughput and delay. Most traditional IP data is sent to this queue. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Page 70
Configure the following additional settings: • No Acknowledgement — Check Enable to specify that the WAP device should not acknowledge frames with QosNoAck as the service class value. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Page 71
• Unscheduled Automatic Power Save Delivery — Check Enable to enable APSD. The APSD is recommended if VoIP phones access the network through the WAP device. Step 7 Click Apply. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Page 72
Wireless Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
The wireless clients can still connect to an WAP device that is operating as a repeater. Before you configure WDS on the WAP device, note these guidelines: • All Cisco WAP devices participating in a WDS link must have the following identical settings: • Radio •...
You can verify if the bridge link is up by accessing the Monitor > Dashboard > Wireless page. In the Interface Note Status table, the WDS(x) status should state Up. WPA/PSK on WDS Links These additional fields appear when you select WPA/PSK as the encryption type: Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
WAP device. WDS is a better solution and is preferred over the Work Group Bridge solution. Use WDS if you are bridging the Cisco WAP150 and Cisco WAP361 devices. If you are not, then consider the Work Group Bridge. When the Work Group Bridge feature is enabled, the VAP configurations are not applied;...
Page 76
• None • None • WPA Personal • WPA Personal • WPA Enterprise Connection Status Indicates whether the WAP is connected to the Not Applicable (N/A) upstream WAP device. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Page 77
Client Filter, on page 56 for instructions on creating the Client filter Note list. Step 5 Click Apply. The associated downstream clients now have connectivity to the upstream network. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Page 78
Wireless Bridge WorkGroup Bridge Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
These steps give a general description of how to configure fast roaming: Step 1 Select Fast Roaming > Roaming Table. Step 2 Click ✚ to add a new row to the roaming table. Step 3 Configure the following parameters: Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
AP MAC address to fetch the PMKR1 key. This MAC address must be unique across all the VAPs. • NAS ID — NAS ID configured on the destination FBT enabled VAP. • RRB Key — Key used to encrypt RRM protocol messages. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Page 81
Click Apply after copying or deleting a profile. Caution Clicking Export for selected profile/s will export only those profiles. Clicking Export with no profiles selected will Export all the profiles. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Page 82
Fast Roaming Configuring Remote Key Holder List Profiles Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Single Point Setup creates a dynamic, configuration-aware cluster, or group, of WAP devices in the same subnet of a network. A cluster supports a group of up to 16 configured WAP581 devices, but no other non-WAP581 models in the same cluster.
Plan your Single Point Setup cluster. Be sure that two or more WAP devices that you want to cluster are the same model. For example, Cisco WAP581 devices can only cluster with other Cisco WAP581 devices. It is strongly recommended to run the same firmware version on all clustered WAP devices. Firmware can be Note upgraded from the Dominant AP (Cluster Controller).
Email Alert HTTP/HTTPs Service (Except SSL Certificate Radio Settings Including TSPEC Settings (Some Configuration) exceptions) Log Settings Rogue AP Detection Client Filter Scheduler Management Access Control SNMP and SNMPv3 Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Page 86
Other Configuration Settings and Parameters that are Not Propagated in Single Point Setup Utilization Threshold Port Settings Bonjour VLAN and IPv4 IPv6 Address Bridge IPv6 Tunnel Packet Capture Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
IP address and the MAC-address is established in the subnet. The Cluster IP address configuration is shared among all the clustered APs. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
The filename cannot contain the following items: spaces, <, >, |, \, : , (, ), &, ; , #, ? , *, and two or more successive periods. 3. Enter the TFTP Server IPv4 Address and click Start-Upgrade. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
For example, if the channel interference must be reduced by 75 percent and the proposed channel assignments will only reduce the interference by 30 percent, then the channels will not be reassigned. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
The WAP devices that are not locked may be assigned to different channels than what they were previously using, depending on the results of the plan. Refresh the page to see the new channel assignment table. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
WAP device inspects the frame and checks the ACL rules against the content of the frame. If any of the rules match the content, a permit or deny action is taken on the frame. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Because there is an implicit deny all rule at the end of every ACL, traffic that is not explicitly permitted is dropped. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Page 93
A wild card mask is basically the inverse of a subnet mask. For example, to match the criteria to a single host address, use a wild card mask of 0.0.0.0. To match the criteria to a 24-bit subnet (for example, 192.168.10.0/24), use a wild card mask of 0.0.0.255. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
To delete or modify a rule, select the rule in the Details Of Rule(s) area and click Delete or Edit. Step 8 Click Apply. Configure IPv6 ACLs To configure an IPv6 ACL: Step 1 Select Access Control > ACL. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Page 95
• Select From List — Choose the keyword associated with the source port to match: ftp, ftpdata, http, smtp, snmp, telnet, tftp, www. Each of these keywords translates into its equivalent port number. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Page 96
• Select From List — Select a DSCP value from the drop down list. • Custom — Enter a custom DSCP value, from 0 to 63. Step 7 Click OK. The changes are saved to the Startup Configuration. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
• Single Address — Enter the source MAC address to compare against an Ethernet frame. • Address/ Mask — Enter the source MAC address mask specifying which bits in the source MAC to compare against an Ethernet frame. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
During times of congestion, packets may be delayed, sent sporadically, or dropped. For typical Internet applications, Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Next Header field in IPv6 packets. Choose the protocol to match by keyword or enter a protocol ID: • All Traffic — Allows all traffic from any protocol. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Page 100
• IP ToS Mask — Enter an IP ToS Mask value to identify the bit positions in the IP ToS Bits value that are used for comparison against the IP ToS field in a packet. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Next Header field in IPv6 packets. Choose the protocol to match by keyword or enter a protocol ID: • All Traffic — Allows all traffic from any protocol. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Page 102
• IP DSCP Match to Value — Enter a custom DSCP value from 0 to 63 Step 7 Click OK. The changes are saved to the Startup Configuration. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
• Custom — Matches the Ethertype in the datagram header with a custom protocol identifier that is specified. The value can be a four-digit hexadecimal number in the range of 0600 to FFFF. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
• Action — Select from one of the following options: • Send — Specifies that all packets for the associated traffic stream are to be forwarded if the traffic class criteria is met. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
(bps). The valid range is from 0 to 1733Mbps. Step 5 Click Apply. Note An interface can be bound with either a QoS policy or an ACL, but not both. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Captive Portal. This setting limits the bandwidth used to send data into the network. The range is from 0 to 1733Mbps. The default value is 0. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Page 107
• Active Directory Service — The WAP device uses a database on a remote ADS server to authenticate the users. Configure the following if using the Active Directory Service authentication setting. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Page 108
External Capture Portal (EXCAP) interface on the WAP. Note Make sure that your Purple WiFi account is configured right before on-boarding the Cisco AP. This ensures an appropriate functioning of the Purple WiFi redirection service.
On the device, each local user is assigned to a user group and the group is assigned to a CP instance. The group facilitates managing the assignment of users to CP instances. The user group named Default is built-in and cannot be deleted. To configure a local user: Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
You can click Back button link to view the Guest Access page. To delete or modify a guest user, you need to select it and then click Delete or Edit. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
The range is from 2 to 32 characters. The default is Connect. • Browser Head Prompting — The text that appears in the browser title bar. The range is from 1 to 128 characters. The default is Captive Portal. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Page 112
Clicking Preview will show the text and the images that have already been saved to the Startup Configuration. If you make a change, click Apply before clicking Preview to see your changes. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Cisco Umbrella Cisco Umbrella is a cloud security platform that provides the first line of defense against threats on the internet. It acts as a gateway between the internet and your systems and data to block malware, botnets and phishing over any port, protocol or app.
Page 114
Step 6 Click Apply to apply these configurations. The status of the registration is indicated in the Registration Status field. The status can be Successful, Registering or Failed. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
• Red round — No wired connection. • Green round — Wired connection. Click the LAN link to view the LAN Status page. • Wireless • Red round — All radios are disabled. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Page 116
Quick Access To simplify the device configuration through quick navigation, the Getting Started page provides links for performing common tasks. For more details, see Quick Start Configuration, on page Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Click Edit to change any of these settings. You will be redirected to the Radio page. Click Refresh to refresh the screen and show the most current information. Click Back to return to the Dashboard page. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Transmit Traffic Statistics table and the Receive Traffic Statistics table respectively. • Errors—The total number of errors related to sending and receiving data on the WAP device. Note You can click Refresh to view the updated information. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
The Clients page displays the client stations associated with the device. Total Number of Associated Clients—The total number of clients on the WAP device. Client Summary Displays the client summary by 802.11 client type currently on the device. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Page 120
You can filter clients the through Clients Details, Network (SSID), and so on. Single Point Setup Clients • Clients Details—The MAC address of the associated wireless client.IPv4 Address—The IP address of the WAP device. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
• RADIUS — The WAP device uses a database on a remote RADIUS server to authenticate the users. • FACEBOOK —The WAP device uses Facebook accounts to authenticate users. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Page 122
• Failure Time — The time at which the authentication failure occurred. A timestamp is included that shows the time of the failure. You can click Export to download the current Authenticated/Failed clients message. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
The wireless packet capture feature enables capturing and storing the packets received and transmitted by the WAP device. The captured packets can then be analyzed by a network protocol analyzer for troubleshooting or performance optimization. There are two methods of packet capture: Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Click Enable Filters. There are three checkboxes available (Ignore Beacons, Filter on Client, Filter on SSID). • Ignore Beacons — Enables or disables the capturing of 802.11 beacons detected or transmitted by the radio. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
To initiate a remote capture on a WAP device using Stream to a Remote Host option: Step 1 Select Troubleshoot > Packet Capture. Step 2 For the Packet Capture Method, click Stream to a Remote Host radio button. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Filter on Client — Specifies the MAC address for WLAN Client Filter. Note The Client Filter is active only when a capture is performed on an 802.11 interface. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
You can trace up to four interfaces on the WAP device simultaneously. However, you must start a separate Wireshark session for each interface. To initiate additional remote capture sessions, repeat the Wireshark configuration steps. No configuration required on the WAP device. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Page 128
WAP device from forwarding the captured beacon packets to the Wireshark tool. To reduce the performance impact of capturing the 802.11 beacons, disable the capture beacons mode. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
• The first line chart update data every 1 seconds. It will show the CPU/RAM activity in 60 seconds. • The second line chart update data every 5 seconds. It will show the CPU/RAM activity in 5 minutes. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Click Download to generate the file based on the current system settings. After a short pause, a window appears to enable you to save the file to your computer. Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Disassociated due to inactivity Disassociated because WAP device is unable to handle all currently associated STAs Class 2 frame received from nonauthenticated STA Class 3 frame received from nonassociated STA Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Page 132
Element in 4-Way Handshake different from (Re)Association Request/Probe Response/Beacon frame Invalid group cipher Invalid pairwise cipher Invalid AKMP Unsupported RSNE version Invalid RSNE capabilities IEEE 802.1X authentication failed Cipher suite rejected because of the security policy Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
18 digit reference number (for example: 7XEEX17D99-3X49X08 1) found in the product open source documentation. Cisco WAP581 Administration Guide http://www.cisco.com/go/500_wap_resources Cisco Power Adapters http://www.cisco.com/go/wap_accessories Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...
Page 134
Where to Go from Here Where to Go from Here Cisco WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN Administration Guide...